Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-15467 (GCVE-0-2025-15467)
Vulnerability from cvelistv5 – Published: 2026-01-27 16:01 – Updated: 2026-06-09 09:02
VLAI
EPSS
Title
Stack buffer overflow in CMS (Auth)EnvelopedData parsing
Summary
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with
maliciously crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial
of Service, or potentially remote code execution.
When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as
AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is
copied into a fixed-size stack buffer without verifying that its length fits
the destination. An attacker can supply a crafted CMS message with an
oversized IV, causing a stack-based out-of-bounds write before any
authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using
AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.
Because the overflow occurs prior to authentication, no valid key material
is required to trigger it. While exploitability to remote code execution
depends on platform and toolchain mitigations, the stack-based write
primitive represents a severe risk.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
10 references
Impacted products
210 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenSSL | OpenSSL |
Affected:
3.6.0 , < 3.6.1
(semver)
Affected: 3.5.0 , < 3.5.5 (semver) Affected: 3.4.0 , < 3.4.4 (semver) Affected: 3.3.0 , < 3.3.6 (semver) Affected: 3.0.0 , < 3.0.19 (semver) |
|
| Siemens | AI Lightweight Inference Server |
Affected:
0 , < *
(custom)
|
|
| Siemens | Connector for Azure |
Affected:
0 , < V1.8.0
(custom)
|
|
| Siemens | Databus |
Affected:
0 , < V3.3.2
(custom)
|
|
| Siemens | HiMed Cockpit |
Affected:
0 , < *
(custom)
|
|
| Siemens | RUGGEDCOM RM1224 LTE(4G) EU |
Affected:
0 , < *
(custom)
|
|
| Siemens | RUGGEDCOM RM1224 LTE(4G) NAM |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE LPE9403 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE LPE9413 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE LPE9433 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M804PB |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M812-1 ADSL-Router family |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M816-1 ADSL-Router family |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M826-2 SHDSL-Router |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M874-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M874-3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M874-3 3G-Router (CN) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M876-3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M876-3 (ROK) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M876-4 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M876-4 (EU) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M876-4 (NAM) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUB852-1 (A1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUB852-1 (B1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (A1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (B1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (EU) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (A1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (B1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (CN) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (EU) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (RoW) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE S615 EEC LAN-Router |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE S615 LAN-Router |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC622-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC626-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC632-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC636-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC642-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC646-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAB762-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM763-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM763-1 (ME) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM763-1 (US) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 (ME) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 (US) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC (ME) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC (US) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUB762-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUB762-1 iFeatures |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUM763-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUM763-1 (US) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUM766-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUM766-1 (ME) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUM766-1 (USA) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X200-4P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X201-3P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X201-3P IRT PRO |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X202-2IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X202-2P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X202-2P IRT PRO |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204-2FM |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204-2LD |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204-2LD TS |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204-2TS |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204IRT PRO |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204RNA (HSR) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204RNA (PRP) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204RNA EEC (HSR) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204RNA EEC (PRP) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204RNA EEC (PRP/HSR) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X206-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X206-1LD |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X208 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X208PRO |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X212-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X212-2LD |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X216 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X224 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (230V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (230V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (24V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (24V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (2x 230V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (2x 230V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (2x 24V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (2x 24V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X304-2FE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X306-1LD FE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (230V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (230V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (24V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (24V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (2x 230V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (2x 230V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (2x 24V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (2x 24V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-3LD |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2LD |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2LH |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2LH+ |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2M |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2M PoE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2M TS |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X310 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X310FE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X320-1 FE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X320-1-2LD FE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X408-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC316-8 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC324-4 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC324-4 EEC |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC332 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC416-8 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC424-4 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC432 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF201-3P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF202-2P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF204 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF204-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF204-2BA IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF204IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF206-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF208 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR302-32 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR322-12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-12M (230V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-12M (230V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-12M (24V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-12M (24V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-12M TS (24V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (24V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (24V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (2x 24V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (2x 24V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M PoE (230V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M PoE (230V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M PoE (24V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M PoE (24V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M PoE TS (24V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR326-8 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR326-8 EEC |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR502-32 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR522-12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR524-8WG |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR526-8 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Shopfloor IT Suite |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIDIS Prime |
Affected:
V4.0.700 , < *
(custom)
|
|
| Siemens | Siemens OPC UA Modelling Editor (SiOME) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC Comfort/Mobile RT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC eaSie Core Package |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC eaSie PCS 7 Skill Package |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC HMI Basic Panels |
Affected:
0 , < V17.9
(custom)
|
|
| Siemens | SIMATIC HMI Comfort Panels |
Affected:
0 , < V17.9
(custom)
|
|
| Siemens | SIMATIC HMI Mobile Panels |
Affected:
0 , < V17 Update 9
(custom)
|
|
| Siemens | SIMATIC IOT2050 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC IPC BX-21A |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC IPC MD-57A |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC IPC ORCLA |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV530 H |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV530 S |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV540 H |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV540 H CRANES |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV540 S |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV550 H |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV550 S |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV560 U |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV560 X |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC PDM V9.3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC RTLS Locating Manager |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC STEP 7 V5 |
Affected:
0 , < V5.7 SP4
(custom)
|
|
| Siemens | SIMATIC Target |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC OA V3.19 |
Affected:
0 , < V3.19 P024
(custom)
|
|
| Siemens | SIMATIC WinCC OA V3.20 |
Affected:
0 , < V3.20 P012
(custom)
|
|
| Siemens | SIMATIC WinCC OA V3.21 |
Affected:
0 , < V3.21 P02
(custom)
|
|
| Siemens | SIMATIC WinCC Runtime Advanced V17 |
Affected:
0 , < V17 Update 9
(custom)
|
|
| Siemens | SIMATIC WinCC Unified Sequence |
Affected:
0 , < V21
(custom)
|
|
| Siemens | SIMATIC WinCC V7.5 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC V8.0 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC V8.1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOTION OACAMGEN |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOVE Fleetmanager V3.1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOVE Fleetmanager V3.2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOVE Fleetmanager V3.3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SINAMICS G200 |
Affected:
V6.3 , < *
(custom)
|
|
| Siemens | SINAMICS G220 |
Affected:
V6.3 , < *
(custom)
|
|
| Siemens | SINAMICS S200 |
Affected:
V6.3 , < *
(custom)
|
|
| Siemens | SINAMICS S210 |
Affected:
V6.3 , < *
(custom)
|
|
| Siemens | SINAMICS S220 |
Affected:
V6.3 , < *
(custom)
|
|
| Siemens | SINEC INS |
Affected:
0 , < V1.0 SP2 Update 5
(custom)
|
|
| Siemens | SINEC NMS |
Affected:
0 , < *
(custom)
|
|
| Siemens | SINEC Security Monitor |
Affected:
0 , < *
(custom)
|
|
| Siemens | SINUMERIK Access MyMachine /OPC UA |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPLANT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE X202-2P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE X308-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SITRANS ASM IQ |
Affected:
0 , < *
(custom)
|
|
| Siemens | SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ) |
Affected:
0 , < *
(custom)
|
|
| Siemens | User Management Component (UMC) |
Affected:
0 , < V2.15.3.0
(custom)
|
|
| Siemens | Visual Inspection Cockpit |
Affected:
0 , < *
(custom)
|
Date Public
2026-01-27 14:00
Credits
Stanislav Fort (Aisle Research)
Igor Ustinov
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-25T21:10:03.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/27/10"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/25/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-15467",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T03:55:41.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/guiimoraes/CVE-2025-15467"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "AI Lightweight Inference Server",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Connector for Azure",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Databus",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "HiMed Cockpit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) EU",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) NAM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE LPE9403",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE LPE9413",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE LPE9433",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M804PB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M826-2 SHDSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3 3G-Router (CN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3 (ROK)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (NAM)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUB852-1 (A1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUB852-1 (B1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (A1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (B1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (A1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (B1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (CN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (RoW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 EEC LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC622-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC626-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC632-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC636-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC642-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC646-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAB762-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUB762-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUB762-1 iFeatures",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA (HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA (PRP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (PRP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (PRP/HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC316-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC324-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC324-4 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC332",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC416-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC424-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC432",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR302-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR302-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR302-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR322-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR322-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR322-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-8 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR502-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR502-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR502-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR522-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR522-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR522-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Shopfloor IT Suite",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIDIS Prime",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V4.0.700",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Siemens OPC UA Modelling Editor (SiOME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Comfort/Mobile RT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC eaSie Core Package",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC eaSie PCS 7 Skill Package",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Basic Panels",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Comfort Panels",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Mobile Panels",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC IOT2050",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC IPC BX-21A",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC IPC MD-57A",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC IPC ORCLA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV530 H",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV530 S",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV540 H",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV540 H CRANES",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV540 S",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV550 H",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV550 S",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV560 U",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV560 X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PDM V9.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.7 SP4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Target",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC OA V3.19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.19 P024",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC OA V3.20",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.20 P012",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC OA V3.21",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.21 P02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Runtime Advanced V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified Sequence",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V7.5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V8.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V8.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION OACAMGEN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOVE Fleetmanager V3.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOVE Fleetmanager V3.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOVE Fleetmanager V3.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G200",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V6.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G220",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V6.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S200",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V6.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S210",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V6.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S220",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V6.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC Security Monitor",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK Access MyMachine /OPC UA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLANT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SITRANS ASM IQ",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "User Management Component (UMC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Visual Inspection Cockpit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T09:02:04.779Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-434797.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.1",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.5",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.4",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.6",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.19",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Igor Ustinov"
}
],
"datePublic": "2026-01-27T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\u003cbr\u003emaliciously crafted AEAD parameters can trigger a stack buffer overflow.\u003cbr\u003e\u003cbr\u003eImpact summary: A stack buffer overflow may lead to a crash, causing Denial\u003cbr\u003eof Service, or potentially remote code execution.\u003cbr\u003e\u003cbr\u003eWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\u003cbr\u003eAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\u003cbr\u003ecopied into a fixed-size stack buffer without verifying that its length fits\u003cbr\u003ethe destination. An attacker can supply a crafted CMS message with an\u003cbr\u003eoversized IV, causing a stack-based out-of-bounds write before any\u003cbr\u003eauthentication or tag verification occurs.\u003cbr\u003e\u003cbr\u003eApplications and services that parse untrusted CMS or PKCS#7 content using\u003cbr\u003eAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\u003cbr\u003eBecause the overflow occurs prior to authentication, no valid key material\u003cbr\u003eis required to trigger it. While exploitability to remote code execution\u003cbr\u003edepends on platform and toolchain mitigations, the stack-based write\u003cbr\u003eprimitive represents a severe risk.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the CMS implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.1.1 and 1.0.2 are not affected by this issue."
}
],
"value": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "High"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T17:44:51.846Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"name": "3.6.1 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703"
},
{
"name": "3.5.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc"
},
{
"name": "3.4.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3"
},
{
"name": "3.3.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9"
},
{
"name": "3.0.19 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack buffer overflow in CMS (Auth)EnvelopedData parsing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2025-15467",
"datePublished": "2026-01-27T16:01:19.922Z",
"dateReserved": "2026-01-06T09:26:41.631Z",
"dateUpdated": "2026-06-09T09:02:04.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-15467",
"date": "2026-06-09",
"epss": "0.02889",
"percentile": "0.86601"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-15467\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2026-01-27T16:16:14.257\",\"lastModified\":\"2026-06-09T10:16:33.360\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\\n\\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\\nof Service, or potentially remote code execution.\\n\\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\\ncopied into a fixed-size stack buffer without verifying that its length fits\\nthe destination. An attacker can supply a crafted CMS message with an\\noversized IV, causing a stack-based out-of-bounds write before any\\nauthentication or tag verification occurs.\\n\\nApplications and services that parse untrusted CMS or PKCS#7 content using\\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\\nBecause the overflow occurs prior to authentication, no valid key material\\nis required to trigger it. While exploitability to remote code execution\\ndepends on platform and toolchain mitigations, the stack-based write\\nprimitive represents a severe risk.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\\nissue, as the CMS implementation is outside the OpenSSL FIPS module\\nboundary.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\\n\\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.\"},{\"lang\":\"es\",\"value\":\"Resumen del problema: Analizar un mensaje CMS AuthEnvelopedData con par\u00e1metros AEAD creados maliciosamente puede desencadenar un desbordamiento de b\u00fafer de pila.\\n\\nResumen del impacto: Un desbordamiento de b\u00fafer de pila puede provocar un fallo, causando Denegaci\u00f3n de Servicio, o potencialmente ejecuci\u00f3n remota de c\u00f3digo.\\n\\nAl analizar estructuras CMS AuthEnvelopedData que utilizan cifrados AEAD como AES-GCM, el IV (Vector de Inicializaci\u00f3n) codificado en los par\u00e1metros ASN.1 se copia en un b\u00fafer de pila de tama\u00f1o fijo sin verificar que su longitud se ajuste al destino. Un atacante puede proporcionar un mensaje CMS manipulado con un IV de tama\u00f1o excesivo, causando una escritura fuera de l\u00edmites basada en pila antes de que ocurra cualquier autenticaci\u00f3n o verificaci\u00f3n de etiqueta.\\n\\nLas aplicaciones y servicios que analizan contenido CMS o PKCS#7 no confiable utilizando cifrados AEAD (por ejemplo, S/MIME AuthEnvelopedData con AES-GCM) son vulnerables. Debido a que el desbordamiento ocurre antes de la autenticaci\u00f3n, no se requiere material de clave v\u00e1lido para desencadenarlo. Si bien la explotabilidad para la ejecuci\u00f3n remota de c\u00f3digo depende de las mitigaciones de la plataforma y la cadena de herramientas, la primitiva de escritura basada en pila representa un riesgo grave.\\n\\nLos m\u00f3dulos FIPS en 3.6, 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de CMS est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3 y 3.0 son vulnerables a este problema.\\n\\nOpenSSL 1.1.1 y 1.0.2 no se ven afectados por este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.19\",\"matchCriteriaId\":\"C76C5F55-5243-4461-82F5-2FEBFF4D59FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.0\",\"versionEndExcluding\":\"3.3.6\",\"matchCriteriaId\":\"791BA794-23EF-4671-B96B-3A7E3BF52490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.4\",\"matchCriteriaId\":\"B9D3DCAE-317D-4DFB-93F0-7A235A229619\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.5\",\"matchCriteriaId\":\"1CAC7CBE-EC03-4089-938A-0CEEB2E09B62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.1\",\"matchCriteriaId\":\"68352537-5E99-4F4D-B78A-BCF0353A70A5\"}]}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://openssl-library.org/news/secadv/20260127.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/01/27/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/02/25/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-434797.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://github.com/guiimoraes/CVE-2025-15467\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/01/27/10\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2026/02/25/6\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-02-25T21:10:03.795Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"AI Lightweight Inference Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Connector for Azure\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.8.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Databus\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"HiMed Cockpit\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RM1224 LTE(4G) EU\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RM1224 LTE(4G) NAM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE LPE9403\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE LPE9413\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE LPE9433\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M804PB\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M812-1 ADSL-Router family\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M816-1 ADSL-Router family\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M826-2 SHDSL-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M874-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M874-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M874-3 3G-Router (CN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-3 (ROK)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-4 (EU)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-4 (NAM)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUB852-1 (A1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUB852-1 (B1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM853-1 (A1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM853-1 (B1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM853-1 (EU)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (A1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (B1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (CN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (EU)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (RoW)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE S615 EEC LAN-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE S615 LAN-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC622-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC626-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC632-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC636-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC642-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC646-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAB762-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM763-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM763-1 (ME)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM763-1 (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 (ME)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 EEC (ME)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 EEC (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUB762-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUB762-1 iFeatures\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM763-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM763-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM763-1 (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM763-1 (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM766-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM766-1 (ME)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM766-1 (USA)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X200-4P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X200-4P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X201-3P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X201-3P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X201-3P IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X201-3P IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2P IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2P IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2FM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2LD TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA (HSR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA (PRP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA EEC (HSR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA EEC (PRP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA EEC (PRP/HSR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X206-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X206-1LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X208\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X208PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X212-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X212-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X216\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X224\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X304-2FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X306-1LD FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH+\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH+\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M PoE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M PoE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X320-1 FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X320-1-2LD FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X408-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC316-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC324-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC324-4 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC332\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC416-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC424-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC432\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF201-3P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF202-2P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204-2BA IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF206-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF208\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR302-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR302-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR302-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR322-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR322-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR322-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M TS (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M TS (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE TS (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE TS (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR326-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR326-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR326-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR326-8 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR502-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR502-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR502-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR522-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR522-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR522-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8WG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8WG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8WG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8WG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Shopfloor IT Suite\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIDIS Prime\", \"versions\": [{\"status\": \"affected\", \"version\": \"V4.0.700\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Siemens OPC UA Modelling Editor (SiOME)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC Comfort/Mobile RT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC eaSie Core Package\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC eaSie PCS 7 Skill Package\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC HMI Basic Panels\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17.9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC HMI Comfort Panels\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17.9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC HMI Mobile Panels\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IOT2050\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC BX-21A\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC MD-57A\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC ORCLA\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV530 H\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV530 S\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV540 H\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV540 H CRANES\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV540 S\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV550 H\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV550 S\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV560 U\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV560 X\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PDM V9.3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 V5\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.7 SP4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC Target\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC OA V3.19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.19 P024\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC OA V3.20\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.20 P012\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC OA V3.21\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.21 P02\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC Runtime Advanced V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC Unified Sequence\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V21\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V7.5\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V8.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V8.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOTION OACAMGEN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOVE Fleetmanager V3.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOVE Fleetmanager V3.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOVE Fleetmanager V3.3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS G200\", \"versions\": [{\"status\": \"affected\", \"version\": \"V6.3\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS G220\", \"versions\": [{\"status\": \"affected\", \"version\": \"V6.3\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS S200\", \"versions\": [{\"status\": \"affected\", \"version\": \"V6.3\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS S210\", \"versions\": [{\"status\": \"affected\", \"version\": \"V6.3\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS S220\", \"versions\": [{\"status\": \"affected\", \"version\": \"V6.3\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC INS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.0 SP2 Update 5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC NMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC Security Monitor\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINUMERIK Access MyMachine /OPC UA\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLANT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET SCALANCE X202-2P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET SCALANCE X308-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SITRANS ASM IQ\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"User Management Component (UMC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Visual Inspection Cockpit\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-434797.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-06-09T09:02:04.779Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-15467\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-19T18:39:38.156023Z\"}}}], \"references\": [{\"url\": \"https://github.com/guiimoraes/CVE-2025-15467\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-29T14:50:51.477Z\"}}], \"cna\": {\"title\": \"Stack buffer overflow in CMS (Auth)EnvelopedData parsing\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Stanislav Fort (Aisle Research)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Igor Ustinov\"}], \"metrics\": [{\"other\": {\"type\": \"https://openssl-library.org/policies/general/security-policy/\", \"content\": {\"text\": \"High\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.6.0\", \"lessThan\": \"3.6.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.5.0\", \"lessThan\": \"3.5.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.3.0\", \"lessThan\": \"3.3.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.19\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-01-27T14:00:00.000Z\", \"references\": [{\"url\": \"https://openssl-library.org/news/secadv/20260127.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703\", \"name\": \"3.6.1 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc\", \"name\": \"3.5.5 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3\", \"name\": \"3.4.4 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9\", \"name\": \"3.3.6 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e\", \"name\": \"3.0.19 git commit\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\\n\\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\\nof Service, or potentially remote code execution.\\n\\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\\ncopied into a fixed-size stack buffer without verifying that its length fits\\nthe destination. An attacker can supply a crafted CMS message with an\\noversized IV, causing a stack-based out-of-bounds write before any\\nauthentication or tag verification occurs.\\n\\nApplications and services that parse untrusted CMS or PKCS#7 content using\\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\\nBecause the overflow occurs prior to authentication, no valid key material\\nis required to trigger it. While exploitability to remote code execution\\ndepends on platform and toolchain mitigations, the stack-based write\\nprimitive represents a severe risk.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\\nissue, as the CMS implementation is outside the OpenSSL FIPS module\\nboundary.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\\n\\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\u003cbr\u003emaliciously crafted AEAD parameters can trigger a stack buffer overflow.\u003cbr\u003e\u003cbr\u003eImpact summary: A stack buffer overflow may lead to a crash, causing Denial\u003cbr\u003eof Service, or potentially remote code execution.\u003cbr\u003e\u003cbr\u003eWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\u003cbr\u003eAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\u003cbr\u003ecopied into a fixed-size stack buffer without verifying that its length fits\u003cbr\u003ethe destination. An attacker can supply a crafted CMS message with an\u003cbr\u003eoversized IV, causing a stack-based out-of-bounds write before any\u003cbr\u003eauthentication or tag verification occurs.\u003cbr\u003e\u003cbr\u003eApplications and services that parse untrusted CMS or PKCS#7 content using\u003cbr\u003eAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\u003cbr\u003eBecause the overflow occurs prior to authentication, no valid key material\u003cbr\u003eis required to trigger it. While exploitability to remote code execution\u003cbr\u003edepends on platform and toolchain mitigations, the stack-based write\u003cbr\u003eprimitive represents a severe risk.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the CMS implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2026-02-25T17:44:51.846Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-15467\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-09T09:02:04.779Z\", \"dateReserved\": \"2026-01-06T09:26:41.631Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2026-01-27T16:01:19.922Z\", \"assignerShortName\": \"openssl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0714
Vulnerability from certfr_avis - Published: 2026-06-09 - Updated: 2026-06-09
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | SCALANCE | SCALANCE X204RNA EEC (PRP) (6GK5204-0BS00-3LA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR322-12 (6GK5334-3TS00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG10-3HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG10-3AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Runtime Advanced V17 versions antérieures à 17.0.9 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPLUS | SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V18 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2026-24349. | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7KE85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X307-3LD (6GK5307-3BM10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X304-2FE (6GK5304-2BD00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-1EA30) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MU85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X204-2FM (6GK5204-2BB11-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SK85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-3LD (6GK5307-3BM00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC Comfort/Mobile RT toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL87 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X310 (6GK5310-0FA00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR326-8 (6GK5334-2TS00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC HMI Comfort Panels versions antérieures à 17.0.9 | ||
| Siemens | SCALANCE | SCALANCE X216 (6GK5216-0BA00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X208 (6GK5208-0BA10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X206-1LD (6GK5206-1BC10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2026-24349. | ||
| Siemens | SCALANCE | SCALANCE XR526-8 (6GK5534-2TR00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SX85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XC424-4 (6GK5428-4TR00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2LD (6GK5308-2FM10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204-2LD (6GK5204-2BC10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV530 S (6GF3530-0CD10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SS85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD89 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD87 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X206-1 (6GK5206-1BB10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V19 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2026-24349. | ||
| Siemens | SCALANCE | SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV540 S (6GF3540-0CD10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC IPC ORCLA toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X310FE (6GK5310-0BA00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC IPC BX-21A toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV540 H (6GF3540-0GE10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X408-2 (6GK5408-2FD00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V20 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2026-24349. | ||
| Siemens | SCALANCE | SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC OA V3.21 versions antérieures à 3.21.02 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2M TS (6GK5308-2GG10-2CA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X202-2P IRT PRO (6GK5202-2JR10-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR502-32 (6GK5534-5TR00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X310FE (6GK5310-0BA10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA87 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204-2 (6GK5204-2BB10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL87 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2M TS (6GK5308-2GG00-2CA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR322-12 (6GK5334-3TS00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR522-12 (6GK5534-3TR00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR524-8WG (6GK5532-2SR00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV530 H (6GF3530-0GE10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204IRT (6GK5204-0BA10-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-0DA30) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204RNA (HSR) (6GK5204-0BA00-2MB2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V21 versions antérieures à 21.0.2 | ||
| Siemens | SCALANCE | SCALANCE XF206-1 (6GK5206-1BC00-2AF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-0DA10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC STEP 7 V5 versions antérieures à 5.7.4 | ||
| Siemens | SCALANCE | SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7VE85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE XC324-4 (6GK5328-4TS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UM85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2LH (6GK5308-2FN00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR526-8 (6GK5534-2TR00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7VU85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X200-4P IRT (6GK5200-4AH10-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC IPC MD-57A toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC V8.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-15467. | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204-2TS (6GK5204-2BB10-2CA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7ST85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XC316-8 (6GK5324-8TS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M876-4 (6GK5876-4AA10-2BA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified Sequence versions antérieures à 21 | ||
| Siemens | SCALANCE | SCALANCE XR302-32 (6GK5334-5TS00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR326-8 (6GK5334-2TS00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-1EA20) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SIMATIC | SIMATIC MV560 X (6GF3560-0HE10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR302-32 (6GK5334-5TS00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204IRT (6GK5204-0BA00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC OA V3.20 versions antérieures à 3.20.012 | ||
| Siemens | SCALANCE | SCALANCE XR526-8 (6GK5534-2TR00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-3 (6GK5307-3BL00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7KE85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ81 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD87 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR522-12 (6GK5534-3TR00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SY82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SK82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT87 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF204 (6GK5204-0BA00-2AF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2 (6GK5308-2FL00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD84 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X204RNA EEC (HSR) (6GK5204-0BS00-2NA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SK85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X212-2LD (6GK5212-2BC00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M816-1 ADSL-Router family toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT87 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIMATIC | SIMATIC MV540 H CRANES (6GF3540-0GE30) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG10-1CR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X202-2P IRT (6GK5202-2BH10-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2LH (6GK5308-2FN10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC OA V3.19 versions antérieures à 3.19.024 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X201-3P IRT (6GK5201-3BH10-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR322-12 (6GK5334-3TS00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SIMATIC | SIMATIC MV560 U (6GF3560-0LE10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2026-24349. | ||
| Siemens | SCALANCE | SCALANCE M812-1 ADSL-Router family toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7VK87 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 Compact 7SX800 (CP050) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF204-2 (6GK5204-2BC00-2AF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG10-1HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC V7.5 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-15467. | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-0DA00) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC IOT2050 (6ES7647-0BA00-1YA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7ST85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X307-3 (6GK5307-3BL10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR524-8WG (6GK5532-2SR00-2RR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC PDM V9.3 toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M876-3 (6GK5876-3AA02-2BA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV550 H (6GF3550-0GE10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X320-1 FE (6GK5320-1BD00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF204IRT (6GK5204-0BA10-2BF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR524-8WG (6GK5532-2SR00-3RR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-0DA20) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7VK87 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X212-2 (6GK5212-2BB00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC Target toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF208 (6GK5208-0BA00-2AF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV550 S (6GF3550-0CD10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC HMI Mobile Panels versions antérieures à 17.0.9 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-1EA10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ81 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XC332 (6GK5332-0GA00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE SC626-2C (6GK5626-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204RNA EEC (PRP/HSR) (6GK5204-0BS00-3PA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE LPE9413 (6GK5998-3GS01-2AC2) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-15467. | ||
| Siemens | SCALANCE | SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA87 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X224 (6GK5224-0BA00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7ST86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIMATIC | SIMATIC HMI Basic Panels versions antérieures à 17.0.9 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XC416-8 (6GK5424-8TR00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SK82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2LD (6GK5308-2FM00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SIPLUS | SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR302-32 (6GK5334-5TS00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR524-8WG (6GK5532-2SR00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SX82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR502-32 (6GK5534-5TR00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF204IRT (6GK5204-0BA00-2BF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SS85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE LPE9433 (6GK5998-3GS11-2AC2) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-15467. | ||
| Siemens | SIMATIC | SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG10-1AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC V8.1 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-15467. | ||
| Siemens | SCALANCE | SCALANCE X201-3P IRT PRO (6GK5201-3JR10-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2M (6GK5308-2GG10-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR502-32 (6GK5534-5TR00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204IRT PRO (6GK5204-0JA10-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X202-2IRT (6GK5202-2BB10-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2 (6GK5308-2FL10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCALANCE X204RNA EEC (PRP) (6GK5204-0BS00-3LA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR322-12 (6GK5334-3TS00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG10-3HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG10-3AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced V17 versions ant\u00e9rieures \u00e0 17.0.9",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIPLUS",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V18 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2026-24349.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7KE85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-3LD (6GK5307-3BM10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X304-2FE (6GK5304-2BD00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-1EA30) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MU85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2FM (6GK5204-2BB11-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SK85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-3LD (6GK5307-3BM00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Comfort/Mobile RT toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL87 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X310 (6GK5310-0FA00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR326-8 (6GK5334-2TS00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Panels versions ant\u00e9rieures \u00e0 17.0.9",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X216 (6GK5216-0BA00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X208 (6GK5208-0BA10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X206-1LD (6GK5206-1BC10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2026-24349.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8 (6GK5534-2TR00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SX85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC424-4 (6GK5428-4TR00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LD (6GK5308-2FM10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2LD (6GK5204-2BC10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV530 S (6GF3530-0CD10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SS85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD89 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD87 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X206-1 (6GK5206-1BB10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V19 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2026-24349.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 S (6GF3540-0CD10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC ORCLA toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X310FE (6GK5310-0BA00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC BX-21A toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 H (6GF3540-0GE10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X408-2 (6GK5408-2FD00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V20 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2026-24349.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.21 versions ant\u00e9rieures \u00e0 3.21.02",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M TS (6GK5308-2GG10-2CA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT PRO (6GK5202-2JR10-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR502-32 (6GK5534-5TR00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X310FE (6GK5310-0BA10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA87 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2 (6GK5204-2BB10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL87 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M TS (6GK5308-2GG00-2CA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR322-12 (6GK5334-3TS00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR522-12 (6GK5534-3TR00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8WG (6GK5532-2SR00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV530 H (6GF3530-0GE10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT (6GK5204-0BA10-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-0DA30) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204RNA (HSR) (6GK5204-0BA00-2MB2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V21 versions ant\u00e9rieures \u00e0 21.0.2",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF206-1 (6GK5206-1BC00-2AF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-0DA10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 5.7.4",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7VE85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC324-4 (6GK5328-4TS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UM85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LH (6GK5308-2FN00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8 (6GK5534-2TR00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7VU85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X200-4P IRT (6GK5200-4AH10-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC MD-57A toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V8.0 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2TS (6GK5204-2BB10-2CA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7ST85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC316-8 (6GK5324-8TS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (6GK5876-4AA10-2BA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified Sequence versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR302-32 (6GK5334-5TS00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR326-8 (6GK5334-2TS00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-1EA20) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 X (6GF3560-0HE10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR302-32 (6GK5334-5TS00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT (6GK5204-0BA00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.20 versions ant\u00e9rieures \u00e0 3.20.012",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8 (6GK5534-2TR00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-3 (6GK5307-3BL00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7KE85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ81 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD87 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR522-12 (6GK5534-3TR00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SY82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SK82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT87 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204 (6GK5204-0BA00-2AF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2 (6GK5308-2FL00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD84 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204RNA EEC (HSR) (6GK5204-0BS00-2NA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SK85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X212-2LD (6GK5212-2BC00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router family toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT87 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 H CRANES (6GF3540-0GE30) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG10-1CR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT (6GK5202-2BH10-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LH (6GK5308-2FN10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.19 versions ant\u00e9rieures \u00e0 3.19.024",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT (6GK5201-3BH10-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR322-12 (6GK5334-3TS00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 U (6GF3560-0LE10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2026-24349.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router family toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7VK87 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 Compact 7SX800 (CP050) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2 (6GK5204-2BC00-2AF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG10-1HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-0DA00) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IOT2050 (6ES7647-0BA00-1YA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7ST85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-3 (6GK5307-3BL10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8WG (6GK5532-2SR00-2RR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PDM V9.3 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (6GK5876-3AA02-2BA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 H (6GF3550-0GE10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X320-1 FE (6GK5320-1BD00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204IRT (6GK5204-0BA10-2BF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8WG (6GK5532-2SR00-3RR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-0DA20) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7VK87 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X212-2 (6GK5212-2BB00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Target toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF208 (6GK5208-0BA00-2AF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 S (6GF3550-0CD10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Mobile Panels versions ant\u00e9rieures \u00e0 17.0.9",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-1EA10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ81 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC332 (6GK5332-0GA00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC626-2C (6GK5626-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204RNA EEC (PRP/HSR) (6GK5204-0BS00-3PA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9413 (6GK5998-3GS01-2AC2) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467.",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA87 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X224 (6GK5224-0BA00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7ST86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Basic Panels versions ant\u00e9rieures \u00e0 17.0.9",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC416-8 (6GK5424-8TR00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SK82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LD (6GK5308-2FM00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIPLUS",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR302-32 (6GK5334-5TS00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8WG (6GK5532-2SR00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SX82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR502-32 (6GK5534-5TR00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SS85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9433 (6GK5998-3GS11-2AC2) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467.",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG10-1AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V8.1 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT PRO (6GK5201-3JR10-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M (6GK5308-2GG10-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR502-32 (6GK5534-5TR00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT PRO (6GK5204-0JA10-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2IRT (6GK5202-2BB10-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2 (6GK5308-2FL10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2026-24349",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24349"
},
{
"name": "CVE-2025-40808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40808"
}
],
"initial_release_date": "2026-06-09T00:00:00",
"last_revision_date": "2026-06-09T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0714",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-139483",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-139483.html"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-063511",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-063511.html"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-434797",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-434797.html"
}
]
}
FKIE_CVE-2025-15467
Vulnerability from fkie_nvd - Published: 2026-01-27 16:16 - Updated: 2026-06-09 10:16
Severity
Summary
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with
maliciously crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial
of Service, or potentially remote code execution.
When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as
AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is
copied into a fixed-size stack buffer without verifying that its length fits
the destination. An attacker can supply a crafted CMS message with an
oversized IV, causing a stack-based out-of-bounds write before any
authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using
AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.
Because the overflow occurs prior to authentication, no valid key material
is required to trigger it. While exploitability to remote code execution
depends on platform and toolchain mitigations, the stack-based write
primitive represents a severe risk.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76C5F55-5243-4461-82F5-2FEBFF4D59FA",
"versionEndExcluding": "3.0.19",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "791BA794-23EF-4671-B96B-3A7E3BF52490",
"versionEndExcluding": "3.3.6",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D3DCAE-317D-4DFB-93F0-7A235A229619",
"versionEndExcluding": "3.4.4",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAC7CBE-EC03-4089-938A-0CEEB2E09B62",
"versionEndExcluding": "3.5.5",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68352537-5E99-4F4D-B78A-BCF0353A70A5",
"versionEndExcluding": "3.6.1",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue."
},
{
"lang": "es",
"value": "Resumen del problema: Analizar un mensaje CMS AuthEnvelopedData con par\u00e1metros AEAD creados maliciosamente puede desencadenar un desbordamiento de b\u00fafer de pila.\n\nResumen del impacto: Un desbordamiento de b\u00fafer de pila puede provocar un fallo, causando Denegaci\u00f3n de Servicio, o potencialmente ejecuci\u00f3n remota de c\u00f3digo.\n\nAl analizar estructuras CMS AuthEnvelopedData que utilizan cifrados AEAD como AES-GCM, el IV (Vector de Inicializaci\u00f3n) codificado en los par\u00e1metros ASN.1 se copia en un b\u00fafer de pila de tama\u00f1o fijo sin verificar que su longitud se ajuste al destino. Un atacante puede proporcionar un mensaje CMS manipulado con un IV de tama\u00f1o excesivo, causando una escritura fuera de l\u00edmites basada en pila antes de que ocurra cualquier autenticaci\u00f3n o verificaci\u00f3n de etiqueta.\n\nLas aplicaciones y servicios que analizan contenido CMS o PKCS#7 no confiable utilizando cifrados AEAD (por ejemplo, S/MIME AuthEnvelopedData con AES-GCM) son vulnerables. Debido a que el desbordamiento ocurre antes de la autenticaci\u00f3n, no se requiere material de clave v\u00e1lido para desencadenarlo. Si bien la explotabilidad para la ejecuci\u00f3n remota de c\u00f3digo depende de las mitigaciones de la plataforma y la cadena de herramientas, la primitiva de escritura basada en pila representa un riesgo grave.\n\nLos m\u00f3dulos FIPS en 3.6, 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de CMS est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 y 3.0 son vulnerables a este problema.\n\nOpenSSL 1.1.1 y 1.0.2 no se ven afectados por este problema."
}
],
"id": "CVE-2025-15467",
"lastModified": "2026-06-09T10:16:33.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-27T16:16:14.257",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2026/01/27/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2026/02/25/6"
},
{
"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-434797.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/guiimoraes/CVE-2025-15467"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "openssl-security@openssl.org",
"type": "Secondary"
}
]
}
GHSA-WVHQ-3H88-RF6G
Vulnerability from github – Published: 2026-01-27 18:32 – Updated: 2026-06-09 12:32
VLAI
Details
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.
When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2025-15467"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-27T16:16:14Z",
"severity": "CRITICAL"
},
"details": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"id": "GHSA-wvhq-3h88-rf6g",
"modified": "2026-06-09T12:32:00Z",
"published": "2026-01-27T18:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-434797.html"
},
{
"type": "WEB",
"url": "https://github.com/guiimoraes/CVE-2025-15467"
},
{
"type": "WEB",
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/01/27/10"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/02/25/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
ICSA-26-132-05
Vulnerability from csaf_cisa - Published: 2026-03-12 00:30 - Updated: 2026-05-12 05:00Summary
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
Notes
Summary: ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves publicly reported vulnerability.
An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service (DoS), or potentially remote code execution.
Support: For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters.
Information about ABB’s cyber security program and capabilities can be found at www.abb.com/cybersecurity.
Notice: The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.
ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages.
This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.
All rights to registrations and trademarks reside with their respective owners.
General security recommendations: For any installation of software-related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:
- Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general-purpose network (e.g. office or home networks).
- Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.
- Never connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.
- Scan all data imported into your environment before use to detect potential malware infections.
- Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the Internet unless they are designed for such exposure and the intended use requires such.
- Ensure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
Purpose: ABB has a rigorous internal cyber security continuous improvement process which involves regular testing with industry leading tools and periodic assessments to identify potential product issues. Occasionally an issue is determined to be a design or coding flaw with implications that may impact product cyber security.
When a potential product vulnerability is identified or reported, ABB immediately initiates our vulnerability handling process. This entails validating if the issue is in fact a product issue, identifying root causes, determining what related products may be impacted, developing a remediation, and notifying end users and governmental organizations.
The resulting Cyber Security Advisory intends to notify customers of the vulnerability and provide details on which products are impacted, how to mitigate the vulnerability or explain workarounds that minimize the potential risk as much as possible. The release of a Cyber Security Advisory should not be misconstrued as an affirmation or indication of an active threat or ongoing campaign targeting the products mentioned here. If ABB is aware of any specific threats, it will be clearly mentioned in the communication.
The publication of this Cyber Security Advisory is an example of ABB’s commitment to the user community in support of this critical topic. Responsible disclosure is an important element in the chain of trust we work to maintain with our many customers. The release of an Advisory provides timely information which is essential to help ensure our customers are fully informed.
Frequently Asked Questions: What causes the vulnerability?
- Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.
What is AC500 V3?
- The AC500 V3 is a scalable range of Programmable Logic Controller (PLC). It provides solutions for small, medium and high-end applications. The AC500 V3 platform offers different performance levels and is the ideal choice for high availability, extreme environments, condition monitoring, motion control or safety solutions. It offers interoperability and compatibility in hardware and software from compact PLCs up to high end and safety PLCs.
What might an attacker use the vulnerability to do?
- An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service (DoS), or potentially remote code execution.
How could an attacker exploit the vulnerability?
- Refer to section “Vulnerability severity and details“.
Could the vulnerability be exploited remotely?
- Yes, an attacker who has network access to an affected system node could exploit the vulnerabilities. Recommended practices include that process control systems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed.
When this security advisory was issued, had this vulnerability been publicly disclosed?
- Yes, the vulnerabilities have been publicly disclosed.
When this security advisory was issued, had ABB received any reports that this vulnerability was being exploited?
- No, ABB had not received any information indicating that this vulnerability had been exploited when this security advisory was originally issued.
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of ABB PSIRT 3ADR011536 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact ABB PSIRT directly for any questions regarding this advisory.
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Critical infrastructure sectors: Chemical, Critical Manufacturing, Energy, Water and Wastewater
Countries/areas deployed: Worldwide
Company headquarters location: Switzerland
When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0005 | — |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0004 | — |
Vendor Fix
Mitigation
Workaround
|
References
15 references
Acknowledgments
ABB PSIRT
{
"document": {
"acknowledgments": [
{
"organization": "ABB PSIRT",
"summary": "reported this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves publicly reported vulnerability.\n\nAn attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service (DoS), or potentially remote code execution.",
"title": "Summary"
},
{
"category": "other",
"text": "For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters.\n\nInformation about ABB\u2019s cyber security program and capabilities can be found at www.abb.com/cybersecurity.",
"title": "Support"
},
{
"category": "legal_disclaimer",
"text": "The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.\n\nABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages.\n\nThis document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.\n\nAll rights to registrations and trademarks reside with their respective owners.\n",
"title": "Notice"
},
{
"category": "other",
"text": "For any installation of software-related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:\n- Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general-purpose network (e.g. office or home networks).\n- Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.\n- Never connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.\n- Scan all data imported into your environment before use to detect potential malware infections.\n- Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the Internet unless they are designed for such exposure and the intended use requires such.\n- Ensure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.\n- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"title": "General security recommendations"
},
{
"category": "other",
"text": "ABB has a rigorous internal cyber security continuous improvement process which involves regular testing with industry leading tools and periodic assessments to identify potential product issues. Occasionally an issue is determined to be a design or coding flaw with implications that may impact product cyber security.\n\nWhen a potential product vulnerability is identified or reported, ABB immediately initiates our vulnerability handling process. This entails validating if the issue is in fact a product issue, identifying root causes, determining what related products may be impacted, developing a remediation, and notifying end users and governmental organizations.\n\nThe resulting Cyber Security Advisory intends to notify customers of the vulnerability and provide details on which products are impacted, how to mitigate the vulnerability or explain workarounds that minimize the potential risk as much as possible. The release of a Cyber Security Advisory should not be misconstrued as an affirmation or indication of an active threat or ongoing campaign targeting the products mentioned here. If ABB is aware of any specific threats, it will be clearly mentioned in the communication.\n\nThe publication of this Cyber Security Advisory is an example of ABB\u2019s commitment to the user community in support of this critical topic. Responsible disclosure is an important element in the chain of trust we work to maintain with our many customers. The release of an Advisory provides timely information which is essential to help ensure our customers are fully informed.",
"title": "Purpose"
},
{
"category": "faq",
"text": "What causes the vulnerability?\n- Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nWhat is AC500 V3?\n- The AC500 V3 is a scalable range of Programmable Logic Controller (PLC). It provides solutions for small, medium and high-end applications. The AC500 V3 platform offers different performance levels and is the ideal choice for high availability, extreme environments, condition monitoring, motion control or safety solutions. It offers interoperability and compatibility in hardware and software from compact PLCs up to high end and safety PLCs.\n\nWhat might an attacker use the vulnerability to do?\n- An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service (DoS), or potentially remote code execution.\n\nHow could an attacker exploit the vulnerability?\n- Refer to section \u201cVulnerability severity and details\u201c.\n\nCould the vulnerability be exploited remotely?\n- Yes, an attacker who has network access to an affected system node could exploit the vulnerabilities. Recommended practices include that process control systems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed.\n\nWhen this security advisory was issued, had this vulnerability been publicly disclosed?\n- Yes, the vulnerabilities have been publicly disclosed.\n\nWhen this security advisory was issued, had ABB received any reports that this vulnerability was being exploited?\n- No, ABB had not received any information indicating that this vulnerability had been exploited when this security advisory was originally issued.",
"title": "Frequently Asked Questions"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of ABB PSIRT 3ADR011536 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact ABB PSIRT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "Chemical, Critical Manufacturing, Energy, Water and Wastewater",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ABB CYBERSECURITY ADVISORY - CSAF Version ",
"url": "https://psirt.abb.com/csaf/2026/3adr011536.json"
},
{
"category": "self",
"summary": "ABB CYBERSECURITY ADVISORY - PDF Version ",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011536\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"summary": "OpenSSL Security Advisory [27th January 2026] ",
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-26-132-05 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-132-05.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-26-132-05 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-05"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax",
"tracking": {
"current_release_date": "2026-05-12T05:00:00.000000Z",
"generator": {
"date": "2026-05-06T15:26:31.342014Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.5.0"
}
},
"id": "ICSA-26-132-05",
"initial_release_date": "2026-03-12T00:30:00.000000Z",
"revision_history": [
{
"date": "2026-03-12T00:30:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial version."
},
{
"date": "2026-05-12T05:00:00.000000Z",
"legacy_version": "CISA Republication",
"number": "2",
"summary": "Initial CISA Republication of ABB PSIRT 3ADR011536 advisory"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "PM5xxx",
"product": {
"name": "ABB AC500 V3 PM5xxx",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"3BNP102988R1"
]
}
}
}
],
"category": "product_family",
"name": "AC500 V3"
},
{
"branches": [
{
"category": "product_version",
"name": "3.9.0",
"product": {
"name": "ABB AC500 V3 Firmware 3.9.0",
"product_id": "CSAFPID-0002"
}
},
{
"category": "product_version",
"name": "3.9.0_HF1",
"product": {
"name": "ABB AC500 V3 Firmware 3.9.0 HF1",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "AC500 V3 Firmware"
}
],
"category": "vendor",
"name": "ABB"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "ABB AC500 V3 Firmware 3.9.0 installed on ABB AC500 V3 PM5xxx",
"product_id": "CSAFPID-0004"
},
"product_reference": "CSAFPID-0002",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "ABB AC500 V3 Firmware 3.9.0 HF1 installed on ABB AC500 V3 PM5xxx",
"product_id": "CSAFPID-0005"
},
"product_reference": "CSAFPID-0003",
"relates_to_product_reference": "CSAFPID-0001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.\n\nBecause the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005"
],
"known_affected": [
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product version:\n- AC500 V3 firmware version 3.9.0 HF1\n\nABB recommends that customers apply the update at earliest convenience. This firmware version is released for all AC500 V3 PLC types and available for download from the ABB library.\n\nhttps://search.abb.com/library/Download.aspx?DocumentID=3ADR011537\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for further advise on how to keep your system secure.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "workaround",
"details": "No workarounds are available",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.5,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0004"
]
}
],
"title": "CVE-2025-15467"
}
]
}
NCSC-2026-0127
Vulnerability from csaf_ncscnl - Published: 2026-04-22 14:10 - Updated: 2026-04-22 14:10Summary
Kwetsbaarheden verholpen in Oracle PeopleSoft
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft.
Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en deze te wijzigen. Daarbij kunnen de kwetsbaarheden leiden tot een denial-of-service van de betreffende producten.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-284: Improper Access Control
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-295: Improper Certificate Validation
CWE-297: Improper Validation of Certificate with Host Mismatch
A vulnerability in Oracle PeopleSoft Enterprise HCM Shared Components 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access, with a CVSS 3.1 score of 5.4.
5.4 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise HCM Absence Management 9.2 allows a high-privileged attacker with network access to exploit the system via HTTP, potentially causing unauthorized data modification with a CVSS 3.1 score of 6.5.
6.5 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise PeopleTools Portal versions 8.61-8.62 allows unauthenticated network attackers to perform unauthorized read and write operations on accessible data, with a CVSS 3.1 base score of 6.1.
6.1 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 to 8.62 allows a high-privileged attacker with network access to modify data, read sensitive information, and cause partial denial of service, rated CVSS 3.1 score 6.6.
6.6 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources 9.2 allows a high-privileged attacker with HTTP network access to create, delete, or modify critical data, with a CVSS 3.1 base score of 6.5.
6.5 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical or all accessible data, with a CVSS 3.1 base score of 6.5.
6.5 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.
6.5 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise FIN Contracts 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5 for confidentiality impact.
6.5 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.
6.5 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise FIN Project Costing 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.
6.5 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise PeopleTools Workflow (versions 8.61-8.62) allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access to certain data, with a CVSS 3.1 score of 5.4.
5.4 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A high-severity vulnerability in Oracle PeopleSoft Enterprise PeopleTools 8.61-8.62 allows low-privileged attackers with network access to manipulate critical data via HTTP, with a CVSS 3.1 score of 8.1.
8.1 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise CS Student Records 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized access to critical data, rated CVSS 3.1 base score 5.7.
5.7 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
Multiple Python versions, including 3.6 through 3.13, have addressed denial of service vulnerabilities caused by infinite loops and deadlocks in the tarfile module when processing tar archives with negative offsets, alongside fixes for other security and stability issues.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A curl vulnerability (CVE-2025-14017) allows TLS option changes in one thread during multithreaded LDAPS transfers to affect other threads globally, potentially disabling certificate verification, alongside other security issues in libcurl and a MySQL Enterprise Backup flaw.
7.4 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
OpenSSL 3.x contains a stack buffer overflow vulnerability in CMS AuthEnvelopedData parsing with AEAD ciphers that can cause denial of service or remote code execution, affecting multiple vendors including Red Hat and NetApp, but not OpenSSL 1.1.1, 1.0.2, or FIPS modules.
9.8 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
libheif versions prior to 1.19.6 contain a NULL pointer dereference vulnerability in ImageItem_Grid::get_decoder, affecting Oracle Hyperion Financial Reporting 11.2.23 and Oracle PeopleSoft Enterprise PeopleTools 8.61-8.62, enabling unauthenticated denial of service attacks with a CVSS score of 7.5.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
Axios versions prior to 1.12.0 on Node.js improperly handle data: scheme URLs by decoding entire payloads into memory without size validation, enabling denial of service via unbounded memory allocation, alongside other vulnerabilities in HPE and Oracle products.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
urllib3 versions prior to 2.6.0 contain a vulnerability allowing unbounded decompression chains in HTTP responses, leading to excessive CPU and memory usage and resulting in Denial of Service conditions.
8.6 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2) due to missing TLS hostname verification in the Socket Appender, Oracle Primavera Gateway (versions 21.12.0-21.12.16) with a TLS vulnerability, and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4) with potential data disclosure or modification issues.
5.4 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access to certain data, with a CVSS 3.1 score of 5.4.
5.4 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CC Common Application Objects
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Contracts
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise SCM Purchasing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise CS Student Records
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle Corporation / PeopleSoft Enterprise HCM Human Resources
|
vers:unknown/* |
References
22 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en deze te wijzigen. Daarbij kunnen de kwetsbaarheden leiden tot een denial-of-service van de betreffende producten.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle PeopleSoft",
"tracking": {
"current_release_date": "2026-04-22T14:10:36.199130Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0127",
"initial_release_date": "2026-04-22T14:10:36.199130Z",
"revision_history": [
{
"date": "2026-04-22T14:10:36.199130Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "PeopleSoft"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise CC Common Application Objects"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise FIN Contracts"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise PeopleTools"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise SCM Purchasing"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise CS Student Records"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise HCM Human Resources"
}
],
"category": "vendor",
"name": "Oracle Corporation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22019",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise HCM Shared Components 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access, with a CVSS 3.1 score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22019 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22019.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-22019"
},
{
"cve": "CVE-2026-34266",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise HCM Absence Management 9.2 allows a high-privileged attacker with network access to exploit the system via HTTP, potentially causing unauthorized data modification with a CVSS 3.1 score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34266 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34266.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34266"
},
{
"cve": "CVE-2026-34269",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise PeopleTools Portal versions 8.61-8.62 allows unauthenticated network attackers to perform unauthorized read and write operations on accessible data, with a CVSS 3.1 base score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34269 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34269.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34269"
},
{
"cve": "CVE-2026-34277",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 to 8.62 allows a high-privileged attacker with network access to modify data, read sensitive information, and cause partial denial of service, rated CVSS 3.1 score 6.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34277 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34277.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34277"
},
{
"cve": "CVE-2026-34280",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources 9.2 allows a high-privileged attacker with HTTP network access to create, delete, or modify critical data, with a CVSS 3.1 base score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34280 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34280.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34280"
},
{
"cve": "CVE-2026-34295",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical or all accessible data, with a CVSS 3.1 base score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34295 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34295.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34295"
},
{
"cve": "CVE-2026-34299",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34299 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34299.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34299"
},
{
"cve": "CVE-2026-34300",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise FIN Contracts 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5 for confidentiality impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34300 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34300.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34300"
},
{
"cve": "CVE-2026-34301",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34301 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34301.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34301"
},
{
"cve": "CVE-2026-34306",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise FIN Project Costing 9.2 allows a low-privileged attacker with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34306 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34306.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34306"
},
{
"cve": "CVE-2026-34307",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise PeopleTools Workflow (versions 8.61-8.62) allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access to certain data, with a CVSS 3.1 score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34307 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34307.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34307"
},
{
"cve": "CVE-2026-34309",
"notes": [
{
"category": "description",
"text": "A high-severity vulnerability in Oracle PeopleSoft Enterprise PeopleTools 8.61-8.62 allows low-privileged attackers with network access to manipulate critical data via HTTP, with a CVSS 3.1 score of 8.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34309 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34309.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-34309"
},
{
"cve": "CVE-2026-35241",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise CS Student Records 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized access to critical data, rated CVSS 3.1 base score 5.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-35241 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35241.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-35241"
},
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Multiple Python versions, including 3.6 through 3.13, have addressed denial of service vulnerabilities caused by infinite loops and deadlocks in the tarfile module when processing tar archives with negative offsets, alongside fixes for other security and stability issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2025-14017",
"cwe": {
"id": "CWE-567",
"name": "Unsynchronized Access to Shared Data in a Multithreaded Context"
},
"notes": [
{
"category": "other",
"text": "Unsynchronized Access to Shared Data in a Multithreaded Context",
"title": "CWE-567"
},
{
"category": "other",
"text": "Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element",
"title": "CWE-1058"
},
{
"category": "description",
"text": "A curl vulnerability (CVE-2025-14017) allows TLS option changes in one thread during multithreaded LDAPS transfers to affect other threads globally, potentially disabling certificate verification, alongside other security issues in libcurl and a MySQL Enterprise Backup flaw.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14017 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14017.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-14017"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "OpenSSL 3.x contains a stack buffer overflow vulnerability in CMS AuthEnvelopedData parsing with AEAD ciphers that can cause denial of service or remote code execution, affecting multiple vendors including Red Hat and NetApp, but not OpenSSL 1.1.1, 1.0.2, or FIPS modules.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-15467 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-15467.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-43967",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "libheif versions prior to 1.19.6 contain a NULL pointer dereference vulnerability in ImageItem_Grid::get_decoder, affecting Oracle Hyperion Financial Reporting 11.2.23 and Oracle PeopleSoft Enterprise PeopleTools 8.61-8.62, enabling unauthenticated denial of service attacks with a CVSS score of 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43967 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43967.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-43967"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Axios versions prior to 1.12.0 on Node.js improperly handle data: scheme URLs by decoding entire payloads into memory without size validation, enabling denial of service via unbounded memory allocation, alongside other vulnerabilities in HPE and Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58754 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58754.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-58754"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "urllib3 versions prior to 2.6.0 contain a vulnerability allowing unbounded decompression chains in HTTP responses, leading to excessive CPU and memory usage and resulting in Denial of Service conditions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66418 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2) due to missing TLS hostname verification in the Socket Appender, Oracle Primavera Gateway (versions 21.12.0-21.12.16) with a TLS vulnerability, and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4) with potential data disclosure or modification issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-22006",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access to certain data, with a CVSS 3.1 score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22006 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2026-22006"
}
]
}
NCSC-2026-0187
Vulnerability from csaf_ncscnl - Published: 2026-06-09 18:45 - Updated: 2026-06-09 18:45Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten als SCALANCE, SIMATIC, SINAMICS, SIPROTEC en TIA Portal.
Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- (Remote) code execution (root/admin rechten)
- Toegang tot systeemgegevens
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-26: Path Traversal: '/dir/../filename'
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-250: Execution with Unnecessary Privileges
CWE-313: Cleartext Storage in a File or on Disk
CWE-434: Unrestricted Upload of File with Dangerous Type
CWE-502: Deserialization of Untrusted Data
CWE-760: Use of a One-Way Hash with a Predictable Salt
CWE-787: Out-of-bounds Write
Multiple versions of Siemens SIMATIC and related software improperly sanitize Interprocess Communication input via a Windows Named Pipe accessible to all local users, allowing authenticated local attackers to cause type confusion and execute arbitrary code.
8.2 (High)
Affected products
Known affected
274 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / AI Lightweight Inference Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Connector for Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Databus
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / HiMed Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9413 (6GK5998-3GS01-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9433 (6GK5998-3GS11-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M804PB (6GK5804-0AP00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M812-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M816-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-2 (6GK5874-2AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 (6GK5874-3AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (6GK5876-3AA02-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (6GK5876-4AA10-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC622-2C (6GK5622-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC626-2C (6GK5626-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC632-2C (6GK5632-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC636-2C (6GK5636-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC642-2C (6GK5642-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC646-2C (6GK5646-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC316-8 (6GK5324-8TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 (6GK5328-4TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC332 (6GK5332-0GA00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC416-8 (6GK5424-8TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC424-4 (6GK5428-4TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC432 (6GK5432-0GR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Comfort/Mobile RT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Basic Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Comfort Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Mobile Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IOT2050 (6ES7647-0BA00-1YA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC BX-21A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC MD-57A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC ORCLA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V4.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PDM V9.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA00)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7-PLCSIM V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Target
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Runtime Advanced V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V16
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified Sequence
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V7.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION OACAMGEN (6AU1820-3EA20-0AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC Security Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINUMERIK Access MyMachine /OPC UA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLANT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD84 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD89 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SY82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UM85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 Compact 7SX800 (CP050)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS ASM IQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Shopfloor IT Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens OPC UA Modelling Editor (SiOME)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Simatic Step 7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Test Suite V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / User Management Component (UMC)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Visual Inspection Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simocode_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_test_suite_v20
|
vers:unknown/* |
OpenSSL versions 3.0 to 3.6 contain a stack buffer overflow vulnerability in CMS AuthEnvelopedData parsing with oversized IVs in AEAD ciphers, potentially causing crashes or remote code execution, affecting multiple vendors including Red Hat and NetApp.
9.8 (Critical)
Affected products
Known affected
274 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / AI Lightweight Inference Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Connector for Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Databus
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / HiMed Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9413 (6GK5998-3GS01-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9433 (6GK5998-3GS11-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M804PB (6GK5804-0AP00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M812-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M816-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-2 (6GK5874-2AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 (6GK5874-3AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (6GK5876-3AA02-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (6GK5876-4AA10-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC622-2C (6GK5622-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC626-2C (6GK5626-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC632-2C (6GK5632-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC636-2C (6GK5636-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC642-2C (6GK5642-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC646-2C (6GK5646-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC316-8 (6GK5324-8TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 (6GK5328-4TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC332 (6GK5332-0GA00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC416-8 (6GK5424-8TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC424-4 (6GK5428-4TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC432 (6GK5432-0GR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Comfort/Mobile RT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Basic Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Comfort Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Mobile Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IOT2050 (6ES7647-0BA00-1YA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC BX-21A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC MD-57A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC ORCLA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V4.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PDM V9.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA00)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7-PLCSIM V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Target
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Runtime Advanced V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V16
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified Sequence
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V7.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION OACAMGEN (6AU1820-3EA20-0AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC Security Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINUMERIK Access MyMachine /OPC UA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLANT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD84 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD89 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SY82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UM85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 Compact 7SX800 (CP050)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS ASM IQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Shopfloor IT Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens OPC UA Modelling Editor (SiOME)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Simatic Step 7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Test Suite V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / User Management Component (UMC)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Visual Inspection Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simocode_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_test_suite_v20
|
vers:unknown/* |
Multiple versions of SIPROTEC 5 devices contain a vulnerability allowing authenticated users to upload arbitrary files via the DIGSI 5 protocol, potentially leading to denial of service or remote code execution.
6.1 (Medium)
Affected products
Known affected
274 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / AI Lightweight Inference Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Connector for Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Databus
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / HiMed Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9413 (6GK5998-3GS01-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9433 (6GK5998-3GS11-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M804PB (6GK5804-0AP00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M812-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M816-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-2 (6GK5874-2AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 (6GK5874-3AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (6GK5876-3AA02-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (6GK5876-4AA10-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC622-2C (6GK5622-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC626-2C (6GK5626-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC632-2C (6GK5632-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC636-2C (6GK5636-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC642-2C (6GK5642-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC646-2C (6GK5646-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC316-8 (6GK5324-8TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 (6GK5328-4TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC332 (6GK5332-0GA00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC416-8 (6GK5424-8TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC424-4 (6GK5428-4TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC432 (6GK5432-0GR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Comfort/Mobile RT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Basic Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Comfort Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Mobile Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IOT2050 (6ES7647-0BA00-1YA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC BX-21A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC MD-57A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC ORCLA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V4.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PDM V9.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA00)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7-PLCSIM V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Target
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Runtime Advanced V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V16
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified Sequence
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V7.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION OACAMGEN (6AU1820-3EA20-0AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC Security Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINUMERIK Access MyMachine /OPC UA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLANT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD84 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD89 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SY82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UM85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 Compact 7SX800 (CP050)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS ASM IQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Shopfloor IT Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens OPC UA Modelling Editor (SiOME)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Simatic Step 7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Test Suite V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / User Management Component (UMC)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Visual Inspection Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simocode_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_test_suite_v20
|
vers:unknown/* |
Multiple versions of SIMATIC WinCC Unified PC Runtime contain a vulnerability in the WinCC Certificate Manager that allows attackers to extract sensitive information due to insufficient protection of key material.
7.1 (High)
Affected products
Known affected
274 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / AI Lightweight Inference Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Connector for Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Databus
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / HiMed Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9413 (6GK5998-3GS01-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9433 (6GK5998-3GS11-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M804PB (6GK5804-0AP00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M812-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M816-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-2 (6GK5874-2AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 (6GK5874-3AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (6GK5876-3AA02-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (6GK5876-4AA10-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC622-2C (6GK5622-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC626-2C (6GK5626-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC632-2C (6GK5632-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC636-2C (6GK5636-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC642-2C (6GK5642-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC646-2C (6GK5646-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC316-8 (6GK5324-8TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 (6GK5328-4TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC332 (6GK5332-0GA00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC416-8 (6GK5424-8TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC424-4 (6GK5428-4TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC432 (6GK5432-0GR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Comfort/Mobile RT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Basic Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Comfort Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Mobile Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IOT2050 (6ES7647-0BA00-1YA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC BX-21A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC MD-57A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC ORCLA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V4.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PDM V9.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA00)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7-PLCSIM V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Target
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Runtime Advanced V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V16
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified Sequence
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V7.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION OACAMGEN (6AU1820-3EA20-0AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC Security Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINUMERIK Access MyMachine /OPC UA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLANT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD84 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD89 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SY82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UM85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 Compact 7SX800 (CP050)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS ASM IQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Shopfloor IT Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens OPC UA Modelling Editor (SiOME)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Simatic Step 7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Test Suite V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / User Management Component (UMC)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Visual Inspection Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simocode_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_test_suite_v20
|
vers:unknown/* |
A vulnerability in SINEC INS versions before V1.0 SP2 Update 6 allows authenticated remote attackers to execute arbitrary OS commands via unsanitized input in the /api/sftp/uploadFiles endpoint.
8.8 (High)
Affected products
Known affected
274 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / AI Lightweight Inference Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Connector for Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Databus
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / HiMed Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9413 (6GK5998-3GS01-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9433 (6GK5998-3GS11-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M804PB (6GK5804-0AP00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M812-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M816-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-2 (6GK5874-2AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 (6GK5874-3AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (6GK5876-3AA02-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (6GK5876-4AA10-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC622-2C (6GK5622-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC626-2C (6GK5626-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC632-2C (6GK5632-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC636-2C (6GK5636-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC642-2C (6GK5642-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC646-2C (6GK5646-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC316-8 (6GK5324-8TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 (6GK5328-4TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC332 (6GK5332-0GA00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC416-8 (6GK5424-8TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC424-4 (6GK5428-4TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC432 (6GK5432-0GR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Comfort/Mobile RT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Basic Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Comfort Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Mobile Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IOT2050 (6ES7647-0BA00-1YA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC BX-21A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC MD-57A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC ORCLA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V4.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PDM V9.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA00)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7-PLCSIM V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Target
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Runtime Advanced V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V16
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified Sequence
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V7.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION OACAMGEN (6AU1820-3EA20-0AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC Security Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINUMERIK Access MyMachine /OPC UA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLANT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD84 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD89 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SY82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UM85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 Compact 7SX800 (CP050)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS ASM IQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Shopfloor IT Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens OPC UA Modelling Editor (SiOME)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Simatic Step 7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Test Suite V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / User Management Component (UMC)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Visual Inspection Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simocode_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_test_suite_v20
|
vers:unknown/* |
A path traversal vulnerability in SINEC INS versions before V1.0 SP2 Update 6 via the GET /api/sftp/uploadFiles endpoint allows unauthorized access to the file system due to improper input sanitization.
4.3 (Medium)
Affected products
Known affected
274 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / AI Lightweight Inference Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Connector for Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Databus
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / HiMed Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9413 (6GK5998-3GS01-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9433 (6GK5998-3GS11-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M804PB (6GK5804-0AP00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M812-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M816-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-2 (6GK5874-2AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 (6GK5874-3AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (6GK5876-3AA02-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (6GK5876-4AA10-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC622-2C (6GK5622-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC626-2C (6GK5626-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC632-2C (6GK5632-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC636-2C (6GK5636-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC642-2C (6GK5642-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC646-2C (6GK5646-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC316-8 (6GK5324-8TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 (6GK5328-4TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC332 (6GK5332-0GA00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC416-8 (6GK5424-8TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC424-4 (6GK5428-4TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC432 (6GK5432-0GR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Comfort/Mobile RT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Basic Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Comfort Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Mobile Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IOT2050 (6ES7647-0BA00-1YA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC BX-21A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC MD-57A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC ORCLA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V4.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PDM V9.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA00)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7-PLCSIM V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Target
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Runtime Advanced V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V16
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified Sequence
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V7.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION OACAMGEN (6AU1820-3EA20-0AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC Security Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINUMERIK Access MyMachine /OPC UA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLANT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD84 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD89 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SY82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UM85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 Compact 7SX800 (CP050)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS ASM IQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Shopfloor IT Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens OPC UA Modelling Editor (SiOME)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Simatic Step 7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Test Suite V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / User Management Component (UMC)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Visual Inspection Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simocode_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_test_suite_v20
|
vers:unknown/* |
A local vulnerability in SINEC INS versions before V1.0 SP2 Update 6 allows privilege escalation to root by bypassing file system permissions via a binary with cap_dac_override capability.
8.8 (High)
Affected products
Known affected
274 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / AI Lightweight Inference Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Connector for Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Databus
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / HiMed Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9413 (6GK5998-3GS01-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9433 (6GK5998-3GS11-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M804PB (6GK5804-0AP00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M812-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M816-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-2 (6GK5874-2AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 (6GK5874-3AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (6GK5876-3AA02-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (6GK5876-4AA10-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC622-2C (6GK5622-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC626-2C (6GK5626-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC632-2C (6GK5632-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC636-2C (6GK5636-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC642-2C (6GK5642-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC646-2C (6GK5646-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC316-8 (6GK5324-8TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 (6GK5328-4TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC332 (6GK5332-0GA00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC416-8 (6GK5424-8TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC424-4 (6GK5428-4TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC432 (6GK5432-0GR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Comfort/Mobile RT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Basic Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Comfort Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Mobile Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IOT2050 (6ES7647-0BA00-1YA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC BX-21A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC MD-57A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC ORCLA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V4.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PDM V9.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA00)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7-PLCSIM V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Target
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Runtime Advanced V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V16
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified Sequence
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V7.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION OACAMGEN (6AU1820-3EA20-0AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC Security Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINUMERIK Access MyMachine /OPC UA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLANT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD84 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD89 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SY82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UM85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 Compact 7SX800 (CP050)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS ASM IQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Shopfloor IT Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens OPC UA Modelling Editor (SiOME)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Simatic Step 7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Test Suite V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / User Management Component (UMC)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Visual Inspection Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simocode_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_test_suite_v20
|
vers:unknown/* |
A vulnerability in SINEC INS before V1.0 SP2 Update 6 uses a static, hardcoded salt and insufficient hashing iterations, enabling attackers to recover passwords via brute-force or precomputed attacks and gain unauthorized access.
7.5 (High)
Affected products
Known affected
274 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / AI Lightweight Inference Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Connector for Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Databus
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / HiMed Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9413 (6GK5998-3GS01-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE LPE9433 (6GK5998-3GS11-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M804PB (6GK5804-0AP00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M812-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M816-1 ADSL-Router family
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-2 (6GK5874-2AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 (6GK5874-3AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (6GK5876-3AA02-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (6GK5876-4AA10-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC622-2C (6GK5622-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC626-2C (6GK5626-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC632-2C (6GK5632-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC636-2C (6GK5636-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC642-2C (6GK5642-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE SC646-2C (6GK5646-2GS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC316-8 (6GK5324-8TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 (6GK5328-4TS00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC332 (6GK5332-0GA00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC416-8 (6GK5424-8TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC424-4 (6GK5428-4TR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XC432 (6GK5432-0GR00-2AC2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR302-32 (6GK5334-5TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR322-12 (6GK5334-3TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 (6GK5334-2TS00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR502-32 (6GK5534-5TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR522-12 (6GK5534-3TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-2RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR524-8WG (6GK5532-2SR00-3RR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-2AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-3AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SCALANCE XR526-8 (6GK5534-2TR00-4AR3)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIDIS Prime
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Comfort/Mobile RT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Basic Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Comfort Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC HMI Mobile Panels
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IOT2050 (6ES7647-0BA00-1YA2)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC BX-21A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC MD-57A
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC IPC ORCLA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V4.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PCS neo V6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PDM V9.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA00)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-0DA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA10)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA20)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC RTLS Locating Manager (6GT2780-1EA30)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7-PLCSIM V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC STEP 7 V5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC Target
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC OA V3.21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Runtime Advanced V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V16
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified PC Runtime V21
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC Unified Sequence
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V7.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC WinCC V8.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOCODE ES V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION OACAMGEN (6AU1820-3EA20-0AB0)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOTION SCOUT TIA V5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.1
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMOVE Fleetmanager V3.3
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS G220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S200
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS S220
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINAMICS Startdrive V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC Security Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINUMERIK Access MyMachine /OPC UA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLANT
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD84 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MD89 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 6MU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7KE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SA87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SD87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ81 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SJ86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SK85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SL87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SS85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7ST86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SX85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7SY82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UM85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP100)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT82 (CP150)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT86 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7UT87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VE85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP200)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VK87 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 7VU85 (CP300)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPROTEC 5 Compact 7SX800 (CP050)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Safety ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V17 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V18 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V19 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIRIUS Soft Starter ES V20 (TIA Portal)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS ASM IQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Shopfloor IT Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Siemens OPC UA Modelling Editor (SiOME)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Simatic Step 7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Cloud V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / TIA Portal Test Suite V20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / User Management Component (UMC)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Visual Inspection Cockpit
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v5.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_pcs_neo_v6.0
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_step_7_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simatic_wincc_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simocode_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / simotion_scout_tia_v5.7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sinamics_startdrive_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_safety_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / sirius_soft_starter_es_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v17
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v18
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v19
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_cloud_v20
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / tia_portal_test_suite_v20
|
vers:unknown/* |
References
13 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als SCALANCE, SIMATIC, SINAMICS, SIPROTEC en TIA Portal.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (root/admin rechten)\n- Toegang tot systeemgegevens\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Path Traversal: \u0027/dir/../filename\u0027",
"title": "CWE-26"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "Cleartext Storage in a File or on Disk",
"title": "CWE-313"
},
{
"category": "general",
"text": "Unrestricted Upload of File with Dangerous Type",
"title": "CWE-434"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Use of a One-Way Hash with a Predictable Salt",
"title": "CWE-760"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-063511.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-139483.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-434797.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-693808.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-860189.html"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2026-06-09T18:45:21.746916Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0187",
"initial_release_date": "2026-06-09T18:45:21.746916Z",
"revision_history": [
{
"date": "2026-06-09T18:45:21.746916Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "AI Lightweight Inference Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Connector for Azure"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Databus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "HiMed Cockpit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "SCALANCE LPE9403 (6GK5998-3GS00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "SCALANCE LPE9413 (6GK5998-3GS01-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "SCALANCE LPE9433 (6GK5998-3GS11-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "SCALANCE M804PB (6GK5804-0AP00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "SCALANCE M812-1 ADSL-Router family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "SCALANCE M816-1 ADSL-Router family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "SCALANCE M874-2 (6GK5874-2AA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "SCALANCE M874-3 (6GK5874-3AA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "SCALANCE M876-3 (6GK5876-3AA02-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "SCALANCE M876-4 (6GK5876-4AA10-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "SCALANCE SC626-2C (6GK5626-2GS00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-37"
}
}
],
"category": "product_name",
"name": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-38"
}
}
],
"category": "product_name",
"name": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-39"
}
}
],
"category": "product_name",
"name": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-40"
}
}
],
"category": "product_name",
"name": "SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-41"
}
}
],
"category": "product_name",
"name": "SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-42"
}
}
],
"category": "product_name",
"name": "SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-43"
}
}
],
"category": "product_name",
"name": "SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-44"
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 (6GK5766-1GE00-7DA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-45"
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-46"
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-47"
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-48"
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-49"
}
}
],
"category": "product_name",
"name": "SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-50"
}
}
],
"category": "product_name",
"name": "SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-51"
}
}
],
"category": "product_name",
"name": "SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-52"
}
}
],
"category": "product_name",
"name": "SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-53"
}
}
],
"category": "product_name",
"name": "SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-54"
}
}
],
"category": "product_name",
"name": "SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-55"
}
}
],
"category": "product_name",
"name": "SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-56"
}
}
],
"category": "product_name",
"name": "SCALANCE WUM766-1 (6GK5766-1GE00-3DA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-57"
}
}
],
"category": "product_name",
"name": "SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-58"
}
}
],
"category": "product_name",
"name": "SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-59"
}
}
],
"category": "product_name",
"name": "SCALANCE XC316-8 (6GK5324-8TS00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-60"
}
}
],
"category": "product_name",
"name": "SCALANCE XC324-4 (6GK5328-4TS00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-61"
}
}
],
"category": "product_name",
"name": "SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-62"
}
}
],
"category": "product_name",
"name": "SCALANCE XC332 (6GK5332-0GA00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-63"
}
}
],
"category": "product_name",
"name": "SCALANCE XC416-8 (6GK5424-8TR00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-64"
}
}
],
"category": "product_name",
"name": "SCALANCE XC424-4 (6GK5428-4TR00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-65"
}
}
],
"category": "product_name",
"name": "SCALANCE XC432 (6GK5432-0GR00-2AC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-66"
}
}
],
"category": "product_name",
"name": "SCALANCE XR302-32 (6GK5334-5TS00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-67"
}
}
],
"category": "product_name",
"name": "SCALANCE XR302-32 (6GK5334-5TS00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-68"
}
}
],
"category": "product_name",
"name": "SCALANCE XR302-32 (6GK5334-5TS00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-69"
}
}
],
"category": "product_name",
"name": "SCALANCE XR322-12 (6GK5334-3TS00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-70"
}
}
],
"category": "product_name",
"name": "SCALANCE XR322-12 (6GK5334-3TS00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-71"
}
}
],
"category": "product_name",
"name": "SCALANCE XR322-12 (6GK5334-3TS00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-72"
}
}
],
"category": "product_name",
"name": "SCALANCE XR326-8 (6GK5334-2TS00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-73"
}
}
],
"category": "product_name",
"name": "SCALANCE XR326-8 (6GK5334-2TS00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-74"
}
}
],
"category": "product_name",
"name": "SCALANCE XR326-8 (6GK5334-2TS00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-75"
}
}
],
"category": "product_name",
"name": "SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-76"
}
}
],
"category": "product_name",
"name": "SCALANCE XR502-32 (6GK5534-5TR00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-77"
}
}
],
"category": "product_name",
"name": "SCALANCE XR502-32 (6GK5534-5TR00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-78"
}
}
],
"category": "product_name",
"name": "SCALANCE XR502-32 (6GK5534-5TR00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-79"
}
}
],
"category": "product_name",
"name": "SCALANCE XR522-12 (6GK5534-3TR00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-80"
}
}
],
"category": "product_name",
"name": "SCALANCE XR522-12 (6GK5534-3TR00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-81"
}
}
],
"category": "product_name",
"name": "SCALANCE XR522-12 (6GK5534-3TR00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-82"
}
}
],
"category": "product_name",
"name": "SCALANCE XR524-8WG (6GK5532-2SR00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-83"
}
}
],
"category": "product_name",
"name": "SCALANCE XR524-8WG (6GK5532-2SR00-2RR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-84"
}
}
],
"category": "product_name",
"name": "SCALANCE XR524-8WG (6GK5532-2SR00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-85"
}
}
],
"category": "product_name",
"name": "SCALANCE XR524-8WG (6GK5532-2SR00-3RR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-86"
}
}
],
"category": "product_name",
"name": "SCALANCE XR526-8 (6GK5534-2TR00-2AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-87"
}
}
],
"category": "product_name",
"name": "SCALANCE XR526-8 (6GK5534-2TR00-3AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-88"
}
}
],
"category": "product_name",
"name": "SCALANCE XR526-8 (6GK5534-2TR00-4AR3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-89"
}
}
],
"category": "product_name",
"name": "SIDIS Prime"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-90"
}
}
],
"category": "product_name",
"name": "SIMATIC Comfort/Mobile RT"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-91"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI Basic Panels"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-92"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI Comfort Panels"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-93"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI Mobile Panels"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-94"
}
}
],
"category": "product_name",
"name": "SIMATIC IOT2050 (6ES7647-0BA00-1YA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-95"
}
}
],
"category": "product_name",
"name": "SIMATIC IPC BX-21A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-96"
}
}
],
"category": "product_name",
"name": "SIMATIC IPC MD-57A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-97"
}
}
],
"category": "product_name",
"name": "SIMATIC IPC ORCLA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-98"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-99"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-100"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-101"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V6.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-102"
}
}
],
"category": "product_name",
"name": "SIMATIC PDM V9.3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-103"
}
}
],
"category": "product_name",
"name": "SIMATIC RTLS Locating Manager (6GT2780-0DA00)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-104"
}
}
],
"category": "product_name",
"name": "SIMATIC RTLS Locating Manager (6GT2780-0DA10)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-105"
}
}
],
"category": "product_name",
"name": "SIMATIC RTLS Locating Manager (6GT2780-0DA20)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-106"
}
}
],
"category": "product_name",
"name": "SIMATIC RTLS Locating Manager (6GT2780-0DA30)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-107"
}
}
],
"category": "product_name",
"name": "SIMATIC RTLS Locating Manager (6GT2780-1EA10)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-108"
}
}
],
"category": "product_name",
"name": "SIMATIC RTLS Locating Manager (6GT2780-1EA20)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-109"
}
}
],
"category": "product_name",
"name": "SIMATIC RTLS Locating Manager (6GT2780-1EA30)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-110"
}
}
],
"category": "product_name",
"name": "SIMATIC S7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-111"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-112"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-113"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-114"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-115"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-116"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-117"
}
}
],
"category": "product_name",
"name": "SIMATIC Target"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-118"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-119"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-120"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-121"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.21"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-122"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Runtime Advanced V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-123"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V16"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-124"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-125"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-126"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-127"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-128"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V21"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-129"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified Sequence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-130"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-131"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-132"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-133"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-134"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V7.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-135"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V8.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-136"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-137"
}
}
],
"category": "product_name",
"name": "SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-138"
}
}
],
"category": "product_name",
"name": "SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-139"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-140"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-141"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-142"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-143"
}
}
],
"category": "product_name",
"name": "SIMOTION OACAMGEN (6AU1820-3EA20-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-144"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-145"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-146"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-147"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-148"
}
}
],
"category": "product_name",
"name": "SIMOVE Fleetmanager V3.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-149"
}
}
],
"category": "product_name",
"name": "SIMOVE Fleetmanager V3.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-150"
}
}
],
"category": "product_name",
"name": "SIMOVE Fleetmanager V3.3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-151"
}
}
],
"category": "product_name",
"name": "SINAMICS G200"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-152"
}
}
],
"category": "product_name",
"name": "SINAMICS G220"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-153"
}
}
],
"category": "product_name",
"name": "SINAMICS S200"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-154"
}
}
],
"category": "product_name",
"name": "SINAMICS S210"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-155"
}
}
],
"category": "product_name",
"name": "SINAMICS S220"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-156"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-157"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-158"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-159"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-160"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-161"
}
}
],
"category": "product_name",
"name": "SINEC INS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-162"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-163"
}
}
],
"category": "product_name",
"name": "SINEC Security Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-164"
}
}
],
"category": "product_name",
"name": "SINUMERIK Access MyMachine /OPC UA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-165"
}
}
],
"category": "product_name",
"name": "SIPLANT"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-166"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 6MD84 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-167"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 6MD85 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-168"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 6MD85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-169"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 6MD86 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-170"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 6MD86 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-171"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 6MD89 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-172"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 6MU85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-173"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7KE85 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-174"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7KE85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-175"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SA82 (CP100)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-176"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SA82 (CP150)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-177"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SA86 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-178"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SA86 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-179"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SA87 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-180"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SA87 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-181"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SD82 (CP100)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-182"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SD82 (CP150)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-183"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SD86 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-184"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SD86 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-185"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SD87 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-186"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SD87 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-187"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SJ81 (CP100)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-188"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SJ81 (CP150)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-189"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SJ82 (CP100)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-190"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SJ82 (CP150)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-191"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SJ85 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-192"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SJ85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-193"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SJ86 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-194"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SJ86 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-195"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SK82 (CP100)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-196"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SK82 (CP150)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-197"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SK85 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-198"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SK85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-199"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SL82 (CP100)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-200"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SL82 (CP150)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-201"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SL86 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-202"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SL86 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-203"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SL87 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-204"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SL87 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-205"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SS85 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-206"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SS85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-207"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7ST85 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-208"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7ST85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-209"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7ST86 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-210"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SX82 (CP150)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-211"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SX85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-212"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7SY82 (CP150)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-213"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7UM85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-214"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7UT82 (CP100)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-215"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7UT82 (CP150)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-216"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7UT85 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-217"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7UT85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-218"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7UT86 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-219"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7UT86 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-220"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7UT87 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-221"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7UT87 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-222"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7VE85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-223"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7VK87 (CP200)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-224"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7VK87 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-225"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 7VU85 (CP300)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-226"
}
}
],
"category": "product_name",
"name": "SIPROTEC 5 Compact 7SX800 (CP050)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-227"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V17 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-228"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V18 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-229"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V19 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-230"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V20 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-231"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V17 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-232"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V18 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-233"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V19 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-234"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V20 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-235"
}
}
],
"category": "product_name",
"name": "SITRANS ASM IQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-236"
}
}
],
"category": "product_name",
"name": "SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-237"
}
}
],
"category": "product_name",
"name": "Shopfloor IT Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-238"
}
}
],
"category": "product_name",
"name": "Siemens OPC UA Modelling Editor (SiOME)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-239"
}
}
],
"category": "product_name",
"name": "Simatic Step 7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-240"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-241"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-242"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-243"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-244"
}
}
],
"category": "product_name",
"name": "TIA Portal Test Suite V20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-245"
}
}
],
"category": "product_name",
"name": "User Management Component (UMC)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-246"
}
}
],
"category": "product_name",
"name": "Visual Inspection Cockpit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-247"
}
}
],
"category": "product_name",
"name": "simatic_pcs_neo_v5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-248"
}
}
],
"category": "product_name",
"name": "simatic_pcs_neo_v6.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-249"
}
}
],
"category": "product_name",
"name": "simatic_step_7_v17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-250"
}
}
],
"category": "product_name",
"name": "simatic_step_7_v19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-251"
}
}
],
"category": "product_name",
"name": "simatic_step_7_v20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-252"
}
}
],
"category": "product_name",
"name": "simatic_wincc_v18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-253"
}
}
],
"category": "product_name",
"name": "simatic_wincc_v19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-254"
}
}
],
"category": "product_name",
"name": "simatic_wincc_v20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-255"
}
}
],
"category": "product_name",
"name": "simocode_es_v18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-256"
}
}
],
"category": "product_name",
"name": "simotion_scout_tia_v5.4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-257"
}
}
],
"category": "product_name",
"name": "simotion_scout_tia_v5.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-258"
}
}
],
"category": "product_name",
"name": "simotion_scout_tia_v5.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-259"
}
}
],
"category": "product_name",
"name": "simotion_scout_tia_v5.7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-260"
}
}
],
"category": "product_name",
"name": "sinamics_startdrive_v17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-261"
}
}
],
"category": "product_name",
"name": "sinamics_startdrive_v19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-262"
}
}
],
"category": "product_name",
"name": "sinamics_startdrive_v20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-263"
}
}
],
"category": "product_name",
"name": "sirius_safety_es_v18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-264"
}
}
],
"category": "product_name",
"name": "sirius_safety_es_v19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-265"
}
}
],
"category": "product_name",
"name": "sirius_safety_es_v20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-266"
}
}
],
"category": "product_name",
"name": "sirius_soft_starter_es_v17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-267"
}
}
],
"category": "product_name",
"name": "sirius_soft_starter_es_v18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-268"
}
}
],
"category": "product_name",
"name": "sirius_soft_starter_es_v19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-269"
}
}
],
"category": "product_name",
"name": "sirius_soft_starter_es_v20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-270"
}
}
],
"category": "product_name",
"name": "tia_portal_cloud_v17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-271"
}
}
],
"category": "product_name",
"name": "tia_portal_cloud_v18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-272"
}
}
],
"category": "product_name",
"name": "tia_portal_cloud_v19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-273"
}
}
],
"category": "product_name",
"name": "tia_portal_cloud_v20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-274"
}
}
],
"category": "product_name",
"name": "tia_portal_test_suite_v20"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-54678",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "Multiple versions of Siemens SIMATIC and related software improperly sanitize Interprocess Communication input via a Windows Named Pipe accessible to all local users, allowing authenticated local attackers to cause type confusion and execute arbitrary code.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54678 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-54678.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
}
],
"title": "CVE-2024-54678"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "OpenSSL versions 3.0 to 3.6 contain a stack buffer overflow vulnerability in CMS AuthEnvelopedData parsing with oversized IVs in AEAD ciphers, potentially causing crashes or remote code execution, affecting multiple vendors including Red Hat and NetApp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-15467 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-15467.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-40808",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "other",
"text": "Unrestricted Upload of File with Dangerous Type",
"title": "CWE-434"
},
{
"category": "description",
"text": "Multiple versions of SIPROTEC 5 devices contain a vulnerability allowing authenticated users to upload arbitrary files via the DIGSI 5 protocol, potentially leading to denial of service or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40808 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40808.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
}
],
"title": "CVE-2025-40808"
},
{
"cve": "CVE-2026-24349",
"cwe": {
"id": "CWE-313",
"name": "Cleartext Storage in a File or on Disk"
},
"notes": [
{
"category": "other",
"text": "Cleartext Storage in a File or on Disk",
"title": "CWE-313"
},
{
"category": "description",
"text": "Multiple versions of SIMATIC WinCC Unified PC Runtime contain a vulnerability in the WinCC Certificate Manager that allows attackers to extract sensitive information due to insufficient protection of key material.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-24349 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-24349.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
}
],
"title": "CVE-2026-24349"
},
{
"cve": "CVE-2026-46746",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "description",
"text": "A vulnerability in SINEC INS versions before V1.0 SP2 Update 6 allows authenticated remote attackers to execute arbitrary OS commands via unsanitized input in the /api/sftp/uploadFiles endpoint.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-46746 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46746.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
}
],
"title": "CVE-2026-46746"
},
{
"cve": "CVE-2026-46747",
"cwe": {
"id": "CWE-26",
"name": "Path Traversal: \u0027/dir/../filename\u0027"
},
"notes": [
{
"category": "other",
"text": "Path Traversal: \u0027/dir/../filename\u0027",
"title": "CWE-26"
},
{
"category": "description",
"text": "A path traversal vulnerability in SINEC INS versions before V1.0 SP2 Update 6 via the GET /api/sftp/uploadFiles endpoint allows unauthorized access to the file system due to improper input sanitization.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-46747 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46747.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
}
],
"title": "CVE-2026-46747"
},
{
"cve": "CVE-2026-46748",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "description",
"text": "A local vulnerability in SINEC INS versions before V1.0 SP2 Update 6 allows privilege escalation to root by bypassing file system permissions via a binary with cap_dac_override capability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-46748 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46748.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
}
],
"title": "CVE-2026-46748"
},
{
"cve": "CVE-2026-46749",
"cwe": {
"id": "CWE-760",
"name": "Use of a One-Way Hash with a Predictable Salt"
},
"notes": [
{
"category": "other",
"text": "Use of a One-Way Hash with a Predictable Salt",
"title": "CWE-760"
},
{
"category": "description",
"text": "A vulnerability in SINEC INS before V1.0 SP2 Update 6 uses a static, hardcoded salt and insufficient hashing iterations, enabling attackers to recover passwords via brute-force or precomputed attacks and gain unauthorized access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-46749 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46749.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123",
"CSAFPID-124",
"CSAFPID-125",
"CSAFPID-126",
"CSAFPID-127",
"CSAFPID-128",
"CSAFPID-129",
"CSAFPID-130",
"CSAFPID-131",
"CSAFPID-132",
"CSAFPID-133",
"CSAFPID-134",
"CSAFPID-135",
"CSAFPID-136",
"CSAFPID-137",
"CSAFPID-138",
"CSAFPID-139",
"CSAFPID-140",
"CSAFPID-141",
"CSAFPID-142",
"CSAFPID-143",
"CSAFPID-144",
"CSAFPID-145",
"CSAFPID-146",
"CSAFPID-147",
"CSAFPID-148",
"CSAFPID-149",
"CSAFPID-150",
"CSAFPID-151",
"CSAFPID-152",
"CSAFPID-153",
"CSAFPID-154",
"CSAFPID-155",
"CSAFPID-156",
"CSAFPID-157",
"CSAFPID-158",
"CSAFPID-159",
"CSAFPID-160",
"CSAFPID-161",
"CSAFPID-162",
"CSAFPID-163",
"CSAFPID-164",
"CSAFPID-165",
"CSAFPID-166",
"CSAFPID-167",
"CSAFPID-168",
"CSAFPID-169",
"CSAFPID-170",
"CSAFPID-171",
"CSAFPID-172",
"CSAFPID-173",
"CSAFPID-174",
"CSAFPID-175",
"CSAFPID-176",
"CSAFPID-177",
"CSAFPID-178",
"CSAFPID-179",
"CSAFPID-180",
"CSAFPID-181",
"CSAFPID-182",
"CSAFPID-183",
"CSAFPID-184",
"CSAFPID-185",
"CSAFPID-186",
"CSAFPID-187",
"CSAFPID-188",
"CSAFPID-189",
"CSAFPID-190",
"CSAFPID-191",
"CSAFPID-192",
"CSAFPID-193",
"CSAFPID-194",
"CSAFPID-195",
"CSAFPID-196",
"CSAFPID-197",
"CSAFPID-198",
"CSAFPID-199",
"CSAFPID-200",
"CSAFPID-201",
"CSAFPID-202",
"CSAFPID-203",
"CSAFPID-204",
"CSAFPID-205",
"CSAFPID-206",
"CSAFPID-207",
"CSAFPID-208",
"CSAFPID-209",
"CSAFPID-210",
"CSAFPID-211",
"CSAFPID-212",
"CSAFPID-213",
"CSAFPID-214",
"CSAFPID-215",
"CSAFPID-216",
"CSAFPID-217",
"CSAFPID-218",
"CSAFPID-219",
"CSAFPID-220",
"CSAFPID-221",
"CSAFPID-222",
"CSAFPID-223",
"CSAFPID-224",
"CSAFPID-225",
"CSAFPID-226",
"CSAFPID-227",
"CSAFPID-228",
"CSAFPID-229",
"CSAFPID-230",
"CSAFPID-231",
"CSAFPID-232",
"CSAFPID-233",
"CSAFPID-234",
"CSAFPID-235",
"CSAFPID-236",
"CSAFPID-237",
"CSAFPID-238",
"CSAFPID-239",
"CSAFPID-240",
"CSAFPID-241",
"CSAFPID-242",
"CSAFPID-243",
"CSAFPID-244",
"CSAFPID-245",
"CSAFPID-246",
"CSAFPID-247",
"CSAFPID-248",
"CSAFPID-249",
"CSAFPID-250",
"CSAFPID-251",
"CSAFPID-252",
"CSAFPID-253",
"CSAFPID-254",
"CSAFPID-255",
"CSAFPID-256",
"CSAFPID-257",
"CSAFPID-258",
"CSAFPID-259",
"CSAFPID-260",
"CSAFPID-261",
"CSAFPID-262",
"CSAFPID-263",
"CSAFPID-264",
"CSAFPID-265",
"CSAFPID-266",
"CSAFPID-267",
"CSAFPID-268",
"CSAFPID-269",
"CSAFPID-270",
"CSAFPID-271",
"CSAFPID-272",
"CSAFPID-273",
"CSAFPID-274"
]
}
],
"title": "CVE-2026-46749"
}
]
}
OPENSUSE-SU-2026:10237-1
Vulnerability from csaf_opensuse - Published: 2026-02-23 00:00 - Updated: 2026-02-23 00:00Summary
libopenssl-3-devel-3.5.3-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: libopenssl-3-devel-3.5.3-2.1 on GA media
Description of the patch: These are all security issues fixed in the libopenssl-3-devel-3.5.3-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10237
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
48 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libopenssl-3-devel-3.5.3-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libopenssl-3-devel-3.5.3-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10237",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10237-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15469 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66199 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69418 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69421 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9230 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9232 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22795 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22795/"
}
],
"title": "libopenssl-3-devel-3.5.3-2.1 on GA media",
"tracking": {
"current_release_date": "2026-02-23T00:00:00Z",
"generator": {
"date": "2026-02-23T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10237-1",
"initial_release_date": "2026-02-23T00:00:00Z",
"revision_history": [
{
"date": "2026-02-23T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.3-2.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.5.3-2.1.aarch64",
"product_id": "libopenssl-3-devel-3.5.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"product": {
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"product_id": "libopenssl-3-devel-32bit-3.5.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.5.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"product_id": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"product_id": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.3-2.1.aarch64",
"product": {
"name": "libopenssl3-3.5.3-2.1.aarch64",
"product_id": "libopenssl3-3.5.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.5.3-2.1.aarch64",
"product": {
"name": "libopenssl3-32bit-3.5.3-2.1.aarch64",
"product_id": "libopenssl3-32bit-3.5.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"product": {
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"product_id": "libopenssl3-x86-64-v3-3.5.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.3-2.1.aarch64",
"product": {
"name": "openssl-3-3.5.3-2.1.aarch64",
"product_id": "openssl-3-3.5.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.5.3-2.1.aarch64",
"product": {
"name": "openssl-3-doc-3.5.3-2.1.aarch64",
"product_id": "openssl-3-doc-3.5.3-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.3-2.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.5.3-2.1.ppc64le",
"product_id": "libopenssl-3-devel-3.5.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"product_id": "libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-3.5.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.3-2.1.ppc64le",
"product": {
"name": "libopenssl3-3.5.3-2.1.ppc64le",
"product_id": "libopenssl3-3.5.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.5.3-2.1.ppc64le",
"product": {
"name": "libopenssl3-32bit-3.5.3-2.1.ppc64le",
"product_id": "libopenssl3-32bit-3.5.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"product": {
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"product_id": "libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.3-2.1.ppc64le",
"product": {
"name": "openssl-3-3.5.3-2.1.ppc64le",
"product_id": "openssl-3-3.5.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.5.3-2.1.ppc64le",
"product": {
"name": "openssl-3-doc-3.5.3-2.1.ppc64le",
"product_id": "openssl-3-doc-3.5.3-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.3-2.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.5.3-2.1.s390x",
"product_id": "libopenssl-3-devel-3.5.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"product": {
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"product_id": "libopenssl-3-devel-32bit-3.5.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.5.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"product_id": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"product_id": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.3-2.1.s390x",
"product": {
"name": "libopenssl3-3.5.3-2.1.s390x",
"product_id": "libopenssl3-3.5.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.5.3-2.1.s390x",
"product": {
"name": "libopenssl3-32bit-3.5.3-2.1.s390x",
"product_id": "libopenssl3-32bit-3.5.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"product": {
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"product_id": "libopenssl3-x86-64-v3-3.5.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.3-2.1.s390x",
"product": {
"name": "openssl-3-3.5.3-2.1.s390x",
"product_id": "openssl-3-3.5.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.5.3-2.1.s390x",
"product": {
"name": "openssl-3-doc-3.5.3-2.1.s390x",
"product_id": "openssl-3-doc-3.5.3-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.3-2.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.5.3-2.1.x86_64",
"product_id": "libopenssl-3-devel-3.5.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.5.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.5.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"product_id": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"product_id": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.3-2.1.x86_64",
"product": {
"name": "libopenssl3-3.5.3-2.1.x86_64",
"product_id": "libopenssl3-3.5.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.5.3-2.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.5.3-2.1.x86_64",
"product_id": "libopenssl3-32bit-3.5.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"product": {
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"product_id": "libopenssl3-x86-64-v3-3.5.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.3-2.1.x86_64",
"product": {
"name": "openssl-3-3.5.3-2.1.x86_64",
"product_id": "openssl-3-3.5.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.5.3-2.1.x86_64",
"product": {
"name": "openssl-3-doc-3.5.3-2.1.x86_64",
"product_id": "openssl-3-doc-3.5.3-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.5.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.5.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.5.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.5.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64"
},
"product_reference": "libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x"
},
"product_reference": "libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.5.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64"
},
"product_reference": "libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64"
},
"product_reference": "libopenssl3-3.5.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le"
},
"product_reference": "libopenssl3-3.5.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x"
},
"product_reference": "libopenssl3-3.5.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64"
},
"product_reference": "libopenssl3-3.5.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.5.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64"
},
"product_reference": "libopenssl3-32bit-3.5.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.5.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le"
},
"product_reference": "libopenssl3-32bit-3.5.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.5.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x"
},
"product_reference": "libopenssl3-32bit-3.5.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.5.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64"
},
"product_reference": "libopenssl3-32bit-3.5.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64"
},
"product_reference": "libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le"
},
"product_reference": "libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x"
},
"product_reference": "libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-x86-64-v3-3.5.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64"
},
"product_reference": "libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64"
},
"product_reference": "openssl-3-3.5.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le"
},
"product_reference": "openssl-3-3.5.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x"
},
"product_reference": "openssl-3-3.5.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64"
},
"product_reference": "openssl-3-3.5.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.5.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64"
},
"product_reference": "openssl-3-doc-3.5.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.5.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le"
},
"product_reference": "openssl-3-doc-3.5.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.5.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x"
},
"product_reference": "openssl-3-doc-3.5.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.5.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
},
"product_reference": "openssl-3-doc-3.5.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11187"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11187",
"url": "https://www.suse.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "SUSE Bug 1256829 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256829"
},
{
"category": "external",
"summary": "SUSE Bug 1256878 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-11187"
},
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "external",
"summary": "SUSE Bug 1256876 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-15468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15468"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15468",
"url": "https://www.suse.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "SUSE Bug 1256831 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256831"
},
{
"category": "external",
"summary": "SUSE Bug 1256880 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-15468"
},
{
"cve": "CVE-2025-15469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15469"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: The \u0027openssl dgst\u0027 command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the \u0027openssl dgst\u0027 command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n\u0027openssl dgst\u0027 command. Streaming digest algorithms for \u0027openssl dgst\u0027 and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15469",
"url": "https://www.suse.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "SUSE Bug 1256832 for CVE-2025-15469",
"url": "https://bugzilla.suse.com/1256832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-15469"
},
{
"cve": "CVE-2025-66199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66199"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66199",
"url": "https://www.suse.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "SUSE Bug 1256833 for CVE-2025-66199",
"url": "https://bugzilla.suse.com/1256833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-66199"
},
{
"cve": "CVE-2025-68160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68160"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68160",
"url": "https://www.suse.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "SUSE Bug 1256834 for CVE-2025-68160",
"url": "https://bugzilla.suse.com/1256834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-69418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69418"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69418",
"url": "https://www.suse.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "SUSE Bug 1256835 for CVE-2025-69418",
"url": "https://bugzilla.suse.com/1256835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69419"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69419",
"url": "https://www.suse.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "SUSE Bug 1256836 for CVE-2025-69419",
"url": "https://bugzilla.suse.com/1256836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69420"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69420",
"url": "https://www.suse.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "SUSE Bug 1256837 for CVE-2025-69420",
"url": "https://bugzilla.suse.com/1256837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69421"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69421",
"url": "https://www.suse.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "SUSE Bug 1256838 for CVE-2025-69421",
"url": "https://bugzilla.suse.com/1256838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2025-9230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9230"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9230",
"url": "https://www.suse.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "SUSE Bug 1250232 for CVE-2025-9230",
"url": "https://bugzilla.suse.com/1250232"
},
{
"category": "external",
"summary": "SUSE Bug 1250410 for CVE-2025-9230",
"url": "https://bugzilla.suse.com/1250410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-9231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9231"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9231",
"url": "https://www.suse.com/security/cve/CVE-2025-9231"
},
{
"category": "external",
"summary": "SUSE Bug 1250233 for CVE-2025-9231",
"url": "https://bugzilla.suse.com/1250233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-9231"
},
{
"cve": "CVE-2025-9232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9232"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the \u0027no_proxy\u0027 environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na \u0027no_proxy\u0027 environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9232",
"url": "https://www.suse.com/security/cve/CVE-2025-9232"
},
{
"category": "external",
"summary": "SUSE Bug 1250234 for CVE-2025-9232",
"url": "https://bugzilla.suse.com/1250234"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-9232"
},
{
"cve": "CVE-2026-22795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22795"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22795",
"url": "https://www.suse.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "SUSE Bug 1256839 for CVE-2026-22795",
"url": "https://bugzilla.suse.com/1256839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.5.3-2.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.5.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-22795"
}
]
}
OPENSUSE-SU-2026:20152-1
Vulnerability from csaf_opensuse - Published: 2026-02-02 13:00 - Updated: 2026-02-02 13:00Summary
Security update for openssl-3
Severity
Important
Notes
Title of the patch: Security update for openssl-3
Description of the patch: This update for openssl-3 fixes the following issues:
Security fixes:
- CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256829).
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256831).
- CVE-2025-15469: "openssl dgst" one-shot codepath silently truncates inputs >16MB (bsc#1256832).
- CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation (bsc#1256833).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
Other fixes:
- Enable livepatching support for ppc64le (bsc#1257274).
Patchnames: openSUSE-Leap-16.0-237
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\nSecurity fixes:\n\n - CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256829).\n - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).\n - CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256831).\n - CVE-2025-15469: \"openssl dgst\" one-shot codepath silently truncates inputs \u003e16MB (bsc#1256832).\n - CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation (bsc#1256833).\n - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).\n - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).\n - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).\n - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).\n - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).\n - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).\n - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).\n\nOther fixes:\n\n- Enable livepatching support for ppc64le (bsc#1257274).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-237",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20152-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1256829",
"url": "https://bugzilla.suse.com/1256829"
},
{
"category": "self",
"summary": "SUSE Bug 1256830",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "self",
"summary": "SUSE Bug 1256831",
"url": "https://bugzilla.suse.com/1256831"
},
{
"category": "self",
"summary": "SUSE Bug 1256832",
"url": "https://bugzilla.suse.com/1256832"
},
{
"category": "self",
"summary": "SUSE Bug 1256833",
"url": "https://bugzilla.suse.com/1256833"
},
{
"category": "self",
"summary": "SUSE Bug 1256834",
"url": "https://bugzilla.suse.com/1256834"
},
{
"category": "self",
"summary": "SUSE Bug 1256835",
"url": "https://bugzilla.suse.com/1256835"
},
{
"category": "self",
"summary": "SUSE Bug 1256836",
"url": "https://bugzilla.suse.com/1256836"
},
{
"category": "self",
"summary": "SUSE Bug 1256837",
"url": "https://bugzilla.suse.com/1256837"
},
{
"category": "self",
"summary": "SUSE Bug 1256838",
"url": "https://bugzilla.suse.com/1256838"
},
{
"category": "self",
"summary": "SUSE Bug 1256839",
"url": "https://bugzilla.suse.com/1256839"
},
{
"category": "self",
"summary": "SUSE Bug 1256840",
"url": "https://bugzilla.suse.com/1256840"
},
{
"category": "self",
"summary": "SUSE Bug 1257274",
"url": "https://bugzilla.suse.com/1257274"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15469 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66199 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69418 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69421 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22795 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22796 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22796/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2026-02-02T13:00:02Z",
"generator": {
"date": "2026-02-02T13:00:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20152-1",
"initial_release_date": "2026-02-02T13:00:02Z",
"revision_history": [
{
"date": "2026-02-02T13:00:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"product_id": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.0-160000.5.1.aarch64",
"product": {
"name": "libopenssl3-3.5.0-160000.5.1.aarch64",
"product_id": "libopenssl3-3.5.0-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.0-160000.5.1.aarch64",
"product": {
"name": "openssl-3-3.5.0-160000.5.1.aarch64",
"product_id": "openssl-3-3.5.0-160000.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-doc-3.5.0-160000.5.1.noarch",
"product": {
"name": "openssl-3-doc-3.5.0-160000.5.1.noarch",
"product_id": "openssl-3-doc-3.5.0-160000.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"product_id": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.0-160000.5.1.ppc64le",
"product": {
"name": "libopenssl3-3.5.0-160000.5.1.ppc64le",
"product_id": "libopenssl3-3.5.0-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.0-160000.5.1.ppc64le",
"product": {
"name": "openssl-3-3.5.0-160000.5.1.ppc64le",
"product_id": "openssl-3-3.5.0-160000.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"product_id": "libopenssl-3-devel-3.5.0-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.0-160000.5.1.s390x",
"product": {
"name": "libopenssl3-3.5.0-160000.5.1.s390x",
"product_id": "libopenssl3-3.5.0-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.0-160000.5.1.s390x",
"product": {
"name": "openssl-3-3.5.0-160000.5.1.s390x",
"product_id": "openssl-3-3.5.0-160000.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"product_id": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"product_id": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.0-160000.5.1.x86_64",
"product": {
"name": "libopenssl3-3.5.0-160000.5.1.x86_64",
"product_id": "libopenssl3-3.5.0-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"product": {
"name": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"product_id": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.0-160000.5.1.x86_64",
"product": {
"name": "openssl-3-3.5.0-160000.5.1.x86_64",
"product_id": "openssl-3-3.5.0-160000.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.5.0-160000.5.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
},
"product_reference": "openssl-3-doc-3.5.0-160000.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11187"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11187",
"url": "https://www.suse.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "SUSE Bug 1256829 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256829"
},
{
"category": "external",
"summary": "SUSE Bug 1256878 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2025-11187"
},
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "external",
"summary": "SUSE Bug 1256876 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-15468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15468"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15468",
"url": "https://www.suse.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "SUSE Bug 1256831 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256831"
},
{
"category": "external",
"summary": "SUSE Bug 1256880 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2025-15468"
},
{
"cve": "CVE-2025-15469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15469"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: The \u0027openssl dgst\u0027 command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the \u0027openssl dgst\u0027 command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n\u0027openssl dgst\u0027 command. Streaming digest algorithms for \u0027openssl dgst\u0027 and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15469",
"url": "https://www.suse.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "SUSE Bug 1256832 for CVE-2025-15469",
"url": "https://bugzilla.suse.com/1256832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-15469"
},
{
"cve": "CVE-2025-66199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66199"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66199",
"url": "https://www.suse.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "SUSE Bug 1256833 for CVE-2025-66199",
"url": "https://bugzilla.suse.com/1256833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-66199"
},
{
"cve": "CVE-2025-68160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68160"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68160",
"url": "https://www.suse.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "SUSE Bug 1256834 for CVE-2025-68160",
"url": "https://bugzilla.suse.com/1256834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-69418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69418"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69418",
"url": "https://www.suse.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "SUSE Bug 1256835 for CVE-2025-69418",
"url": "https://bugzilla.suse.com/1256835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69419"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69419",
"url": "https://www.suse.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "SUSE Bug 1256836 for CVE-2025-69419",
"url": "https://bugzilla.suse.com/1256836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69420"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69420",
"url": "https://www.suse.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "SUSE Bug 1256837 for CVE-2025-69420",
"url": "https://bugzilla.suse.com/1256837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69421"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69421",
"url": "https://www.suse.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "SUSE Bug 1256838 for CVE-2025-69421",
"url": "https://bugzilla.suse.com/1256838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2026-22795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22795"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22795",
"url": "https://www.suse.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "SUSE Bug 1256839 for CVE-2026-22795",
"url": "https://bugzilla.suse.com/1256839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2026-22795"
},
{
"cve": "CVE-2026-22796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22796"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22796",
"url": "https://www.suse.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "SUSE Bug 1256840 for CVE-2026-22796",
"url": "https://bugzilla.suse.com/1256840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"openSUSE Leap 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2026-22796"
}
]
}
RHSA-2026:1472
Vulnerability from csaf_redhat - Published: 2026-01-28 09:06 - Updated: 2026-06-08 21:56Summary
Red Hat Security Advisory: openssl security update
Severity
Important
Notes
Topic: An update for openssl is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)
* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)
* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)
* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)
* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)
* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)
* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)
* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.
6.1 (Medium)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.
9.8 (Critical)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).
5.9 (Medium)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.
5.5 (Medium)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.
5.9 (Medium)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).
4.7 (Medium)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.
4.0 (Medium)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.
7.4 (High)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.
5.9 (Medium)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.
6.5 (Medium)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.
5.5 (Medium)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.
5.9 (Medium)
Affected products
Fixed
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
References
63 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)\n\n* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)\n\n* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)\n\n* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)\n\n* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\n* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)\n\n* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)\n\n* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)\n\n* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1472",
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1472.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-06-08T21:56:00+00:00",
"generator": {
"date": "2026-06-08T21:56:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:1472",
"initial_release_date": "2026-01-28T09:06:06+00:00",
"revision_history": [
{
"date": "2026-01-28T09:06:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-28T09:06:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-08T21:56:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.src",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.src",
"product_id": "openssl-1:3.5.1-7.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.src",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"cwe": {
"id": "CWE-233",
"name": "Improper Handling of Parameters"
},
"discovery_date": "2026-01-16T14:21:50.559000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430375"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. It affects OpenSSL versions 3.6, 3.5, and 3.4, where improper validation of PBMAC1 parameters in PKCS#12 MAC verification can lead to a stack buffer overflow or NULL pointer dereference. Exploitation requires an application to process a maliciously crafted PKCS#12 file, which is uncommon as these files are typically trusted. OpenSSL versions 3.3, 3.0, 1.1.1, and 1.0.2 are not affected as they do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "RHBZ#2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted PKCS#12 files. Applications should only handle PKCS#12 files from trusted sources, as these files are typically used for storing private keys and are expected to be secure.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-15468",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:51.062000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430377"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The NULL pointer dereference in the `SSL_CIPHER_find()` function, affecting OpenSSL versions 3.3, 3.4, 3.5, and 3.6, occurs only when applications utilizing the QUIC protocol uncommonly invoke this function from the `client_hello_cb` callback with an unknown cipher ID. This specific usage pattern and the resulting Denial of Service limit the overall impact in the Red Hat context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "RHBZ#2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling"
},
{
"cve": "CVE-2025-15469",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-01-16T14:21:51.411000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The flaw affects the `openssl dgst` command-line tool when used with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) on files larger than 16MB. Impact is limited as it requires both signing and verification to be performed using the affected command, and verifiers using library APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "RHBZ#2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `openssl dgst` command with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) for files larger than 16MB. Instead, utilize streaming digest algorithms with `openssl dgst` or use library APIs for signing and verification, as these are not affected by the truncation vulnerability. Users should ensure that input files for one-shot signing/verification with `openssl dgst` do not exceed 16MB.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation"
},
{
"cve": "CVE-2025-66199",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T14:21:51.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. The flaw in OpenSSL 3.3, 3.4, 3.5, and 3.6 allows an attacker to cause excessive memory allocation during TLS 1.3 handshake with certificate compression, potentially leading to a Denial of Service. This affects both clients and servers in mutual TLS scenarios where certificate compression is negotiated. Servers not requesting client certificates are not vulnerable to client-initiated attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "RHBZ#2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the reception of compressed certificates by setting the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION option in OpenSSL configurations. This will prevent the vulnerable code path from being exercised.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression"
},
{
"cve": "CVE-2025-68160",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-01-16T14:21:52.088000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430380"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The `BIO_f_linebuffer` filter, where this heap out-of-bounds write occurs, is not used by default in TLS/SSL data paths within Red Hat products. Exploitation requires third-party applications to explicitly use this filter with a BIO chain that can short-write and process large, newline-free data influenced by an attacker, which is an unlikely scenario under attacker control. Red Hat FIPS modules are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "RHBZ#2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter"
},
{
"cve": "CVE-2025-69418",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-16T14:21:52.438000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, impact is limited because typical OpenSSL consumers using higher-level EVP APIs are not affected. The flaw only manifests when applications directly call low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in hardware-accelerated builds. Additionally, TLS does not use OCB ciphersuites, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "RHBZ#2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
},
{
"cve": "CVE-2025-69420",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.497000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the TimeStamp Response verification code can lead to a Denial of Service when processing a specially crafted TimeStamp Response. Exploitation requires an application to call `TS_RESP_verify_response()` with a malformed response, and the TimeStamp protocol (RFC 3161) is not widely used. Red Hat FIPS modules are not affected as the TimeStamp Response implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "RHBZ#2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response"
},
{
"cve": "CVE-2025-69421",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:53.845000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat because it requires an application to process a specially crafted, malformed PKCS#12 file, leading to a Denial of Service. The vulnerability is limited to a crash and cannot be escalated to achieve code execution or memory disclosure. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "RHBZ#2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing"
},
{
"cve": "CVE-2026-22795",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.146000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430389"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. An application processing a maliciously crafted PKCS#12 file can be caused to dereference an invalid or NULL pointer, resulting in a Denial of Service. In the Red Hat context, impact is limited as PKCS#12 files are typically used for trusted private keys and are not commonly accepted from untrusted sources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "RHBZ#2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing"
},
{
"cve": "CVE-2026-22796",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-16T14:43:21.598000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the legacy PKCS#7 API can lead to a Denial of Service when processing specially crafted PKCS#7 data. Exploitation requires an application to perform signature verification of malformed PKCS#7 data. Red Hat products utilizing the FIPS module are not affected as the PKCS#7 parsing is outside the module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "RHBZ#2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification"
}
]
}
RHSA-2026:1473
Vulnerability from csaf_redhat - Published: 2026-01-28 10:08 - Updated: 2026-06-08 21:56Summary
Red Hat Security Advisory: openssl security update
Severity
Important
Notes
Topic: An update for openssl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)
* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)
* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)
* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)
* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)
* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)
* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)
* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.
6.1 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.
9.8 (Critical)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).
5.9 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.
5.5 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.
5.9 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).
4.7 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.
4.0 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.
7.4 (High)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.
5.9 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.
6.5 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.
5.5 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.
5.9 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
References
63 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)\n\n* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)\n\n* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)\n\n* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)\n\n* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\n* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)\n\n* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)\n\n* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)\n\n* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1473",
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1473.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-06-08T21:56:00+00:00",
"generator": {
"date": "2026-06-08T21:56:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:1473",
"initial_release_date": "2026-01-28T10:08:56+00:00",
"revision_history": [
{
"date": "2026-01-28T10:08:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-28T10:08:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-08T21:56:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.src",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.src",
"product_id": "openssl-1:3.5.1-7.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.src",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"cwe": {
"id": "CWE-233",
"name": "Improper Handling of Parameters"
},
"discovery_date": "2026-01-16T14:21:50.559000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430375"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. It affects OpenSSL versions 3.6, 3.5, and 3.4, where improper validation of PBMAC1 parameters in PKCS#12 MAC verification can lead to a stack buffer overflow or NULL pointer dereference. Exploitation requires an application to process a maliciously crafted PKCS#12 file, which is uncommon as these files are typically trusted. OpenSSL versions 3.3, 3.0, 1.1.1, and 1.0.2 are not affected as they do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "RHBZ#2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted PKCS#12 files. Applications should only handle PKCS#12 files from trusted sources, as these files are typically used for storing private keys and are expected to be secure.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-15468",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:51.062000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430377"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The NULL pointer dereference in the `SSL_CIPHER_find()` function, affecting OpenSSL versions 3.3, 3.4, 3.5, and 3.6, occurs only when applications utilizing the QUIC protocol uncommonly invoke this function from the `client_hello_cb` callback with an unknown cipher ID. This specific usage pattern and the resulting Denial of Service limit the overall impact in the Red Hat context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "RHBZ#2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling"
},
{
"cve": "CVE-2025-15469",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-01-16T14:21:51.411000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The flaw affects the `openssl dgst` command-line tool when used with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) on files larger than 16MB. Impact is limited as it requires both signing and verification to be performed using the affected command, and verifiers using library APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "RHBZ#2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `openssl dgst` command with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) for files larger than 16MB. Instead, utilize streaming digest algorithms with `openssl dgst` or use library APIs for signing and verification, as these are not affected by the truncation vulnerability. Users should ensure that input files for one-shot signing/verification with `openssl dgst` do not exceed 16MB.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation"
},
{
"cve": "CVE-2025-66199",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T14:21:51.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. The flaw in OpenSSL 3.3, 3.4, 3.5, and 3.6 allows an attacker to cause excessive memory allocation during TLS 1.3 handshake with certificate compression, potentially leading to a Denial of Service. This affects both clients and servers in mutual TLS scenarios where certificate compression is negotiated. Servers not requesting client certificates are not vulnerable to client-initiated attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "RHBZ#2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the reception of compressed certificates by setting the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION option in OpenSSL configurations. This will prevent the vulnerable code path from being exercised.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression"
},
{
"cve": "CVE-2025-68160",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-01-16T14:21:52.088000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430380"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The `BIO_f_linebuffer` filter, where this heap out-of-bounds write occurs, is not used by default in TLS/SSL data paths within Red Hat products. Exploitation requires third-party applications to explicitly use this filter with a BIO chain that can short-write and process large, newline-free data influenced by an attacker, which is an unlikely scenario under attacker control. Red Hat FIPS modules are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "RHBZ#2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter"
},
{
"cve": "CVE-2025-69418",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-16T14:21:52.438000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, impact is limited because typical OpenSSL consumers using higher-level EVP APIs are not affected. The flaw only manifests when applications directly call low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in hardware-accelerated builds. Additionally, TLS does not use OCB ciphersuites, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "RHBZ#2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
},
{
"cve": "CVE-2025-69420",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.497000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the TimeStamp Response verification code can lead to a Denial of Service when processing a specially crafted TimeStamp Response. Exploitation requires an application to call `TS_RESP_verify_response()` with a malformed response, and the TimeStamp protocol (RFC 3161) is not widely used. Red Hat FIPS modules are not affected as the TimeStamp Response implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "RHBZ#2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response"
},
{
"cve": "CVE-2025-69421",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:53.845000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat because it requires an application to process a specially crafted, malformed PKCS#12 file, leading to a Denial of Service. The vulnerability is limited to a crash and cannot be escalated to achieve code execution or memory disclosure. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "RHBZ#2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing"
},
{
"cve": "CVE-2026-22795",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.146000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430389"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. An application processing a maliciously crafted PKCS#12 file can be caused to dereference an invalid or NULL pointer, resulting in a Denial of Service. In the Red Hat context, impact is limited as PKCS#12 files are typically used for trusted private keys and are not commonly accepted from untrusted sources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "RHBZ#2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing"
},
{
"cve": "CVE-2026-22796",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-16T14:43:21.598000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the legacy PKCS#7 API can lead to a Denial of Service when processing specially crafted PKCS#7 data. Exploitation requires an application to perform signature verification of malformed PKCS#7 data. Red Hat products utilizing the FIPS module are not affected as the PKCS#7 parsing is outside the module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "RHBZ#2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…