usn-7980-1
Vulnerability from osv_ubuntu
Published
2026-01-27 18:10
Modified
2026-06-30 15:54
Summary
openssl vulnerabilities
Details

Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11187)

Stanislav Fort discovered that OpenSSL incorrectly parsed CMS AuthEnvelopedData messages. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467)

Stanislav Fort discovered that OpenSSL incorrectly handled memory in the SSL_CIPHER_find() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-15468)

Stanislav Fort discovered that the OpenSSL "openssl dgst" command line tool incorrectly truncated data to 16MB. An attacker could posibly use this issue to hide unauthenticated data beyond the 16MB limit. This issue only affected Ubuntu 25.10. (CVE-2025-15469)

Tomas Dulka and Stanislav Fort discovered that OpenSSL incorrectly handled memory with TLS 1.3 connections using certificate compression. An attacker could possibly use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-66199)

Petr Simecek and Stanislav Fort discovered that OpenSSL incorrectly handled memory when writing large data into a BIO chain. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2025-68160)

Stanislav Fort discovered that the OpenSSL OCB API could incorrectly leave final partial blocks unencrypted and unauthenticated. An attacker could possibly use this issue to read or tamper with the affected final bytes. (CVE-2025-69418)

Stanislav Fort discovered that OpenSSL incorrectly handled the PKCS12_get_friendlyname() utf-8 conversion. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69419)

Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the TS_RESP_verify_response() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69420)

Luigino Camastra discovered that OpenSSL incorrectly handled memory in the PKCS12_item_decrypt_d2i_ex function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69421)

Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in PKCS#12 parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22795)

Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the PKCS7_digest_from_attributes() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22796)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2025-15467",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-68160",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69418",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69419",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69420",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69421",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-22795",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-22796",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:22.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "libssl3",
            "binary_version": "3.0.2-0ubuntu1.21"
          },
          {
            "binary_name": "openssl",
            "binary_version": "3.0.2-0ubuntu1.21"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.21?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.2-0ubuntu1.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.1.1l-1ubuntu1",
        "3.0.0-1ubuntu1",
        "3.0.1-0ubuntu1",
        "3.0.2-0ubuntu1",
        "3.0.2-0ubuntu1.1",
        "3.0.2-0ubuntu1.2",
        "3.0.2-0ubuntu1.4",
        "3.0.2-0ubuntu1.5",
        "3.0.2-0ubuntu1.6",
        "3.0.2-0ubuntu1.7",
        "3.0.2-0ubuntu1.8",
        "3.0.2-0ubuntu1.9",
        "3.0.2-0ubuntu1.10",
        "3.0.2-0ubuntu1.12",
        "3.0.2-0ubuntu1.13",
        "3.0.2-0ubuntu1.14",
        "3.0.2-0ubuntu1.15",
        "3.0.2-0ubuntu1.16",
        "3.0.2-0ubuntu1.17",
        "3.0.2-0ubuntu1.18",
        "3.0.2-0ubuntu1.19",
        "3.0.2-0ubuntu1.20"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2025-15467",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-68160",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69418",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69419",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69420",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69421",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-22795",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-22796",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:24.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "libssl3t64",
            "binary_version": "3.0.13-0ubuntu3.7"
          },
          {
            "binary_name": "openssl",
            "binary_version": "3.0.13-0ubuntu3.7"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:24.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=source\u0026distro=noble"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.13-0ubuntu3.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.0.10-1ubuntu2",
        "3.0.10-1ubuntu2.1",
        "3.0.10-1ubuntu3",
        "3.0.10-1ubuntu4",
        "3.0.13-0ubuntu2",
        "3.0.13-0ubuntu3",
        "3.0.13-0ubuntu3.1",
        "3.0.13-0ubuntu3.2",
        "3.0.13-0ubuntu3.3",
        "3.0.13-0ubuntu3.4",
        "3.0.13-0ubuntu3.5",
        "3.0.13-0ubuntu3.6"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2025-11187",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-15467",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-15468",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-15469",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-66199",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-68160",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69418",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69419",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69420",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2025-69421",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-22795",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2026-22796",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:25.10"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "libssl3t64",
            "binary_version": "3.5.3-1ubuntu3"
          },
          {
            "binary_name": "openssl",
            "binary_version": "3.5.3-1ubuntu3"
          },
          {
            "binary_name": "openssl-provider-legacy",
            "binary_version": "3.5.3-1ubuntu3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:25.10",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@3.5.3-1ubuntu3?arch=source\u0026distro=questing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.5.3-1ubuntu3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.4.1-1ubuntu3",
        "3.5.0-2ubuntu1",
        "3.5.2-1ubuntu1",
        "3.5.3-1ubuntu2"
      ]
    }
  ],
  "aliases": [],
  "details": "Stanislav Fort, Petr \u0160ime\u010dek, and Hamza discovered that OpenSSL\nincorrectly validated PBMAC1 parameters when doing PKCS#12 MAC\nverification. An attacker could possibly use this issue to cause OpenSSL to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n25.10. (CVE-2025-11187)\n\nStanislav Fort discovered that OpenSSL incorrectly parsed CMS\nAuthEnvelopedData messages. An attacker could possibly use this issue to\ncause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467)\n\nStanislav Fort discovered that OpenSSL incorrectly handled memory in the\nSSL_CIPHER_find() function. An attacker could possibly use this issue to\ncause OpenSSL to crash, resulting in a denial of service. This issue only\naffected Ubuntu 25.10. (CVE-2025-15468)\n\nStanislav Fort discovered that the OpenSSL \"openssl dgst\" command line\ntool incorrectly truncated data to 16MB. An attacker could posibly use this\nissue to hide unauthenticated data beyond the 16MB limit. This issue only\naffected Ubuntu 25.10. (CVE-2025-15469)\n\nTomas Dulka and Stanislav Fort discovered that OpenSSL incorrectly handled\nmemory with TLS 1.3 connections using certificate compression. An attacker\ncould possibly use this issue to consume resources, leading to a denial of\nservice. This issue only affected Ubuntu 25.10. (CVE-2025-66199)\n\nPetr Simecek and Stanislav Fort discovered that OpenSSL incorrectly handled\nmemory when writing large data into a BIO chain. An attacker could possibly\nuse this issue to consume resources, leading to a denial of service.\n(CVE-2025-68160)\n\nStanislav Fort discovered that the OpenSSL OCB API could incorrectly leave\nfinal partial blocks unencrypted and unauthenticated. An attacker could\npossibly use this issue to read or tamper with the affected final bytes.\n(CVE-2025-69418)\n\nStanislav Fort discovered that OpenSSL incorrectly handled the\nPKCS12_get_friendlyname() utf-8 conversion. An attacker could possibly use\nthis issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2025-69419)\n\nLuigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE\nvalidation in the TS_RESP_verify_response() function. An attacker could\npossibly use this issue to cause OpenSSL to crash, resulting in a denial of\nservice. (CVE-2025-69420)\n\nLuigino Camastra discovered that OpenSSL incorrectly handled memory in the\nPKCS12_item_decrypt_d2i_ex function. An attacker could possibly use this\nissue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2025-69421)\n\nLuigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE\nvalidation in PKCS#12 parsing. An attacker could possibly use this issue to\ncause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22795)\n\nLuigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE\nvalidation in the PKCS7_digest_from_attributes() function. An attacker\ncould possibly use this issue to cause OpenSSL to crash, resulting in a\ndenial of service. (CVE-2026-22796)",
  "id": "USN-7980-1",
  "modified": "2026-06-30T15:54:46Z",
  "published": "2026-01-27T18:10:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-7980-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-11187"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-15467"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-15468"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-15469"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-66199"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-68160"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-69418"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-69419"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-69420"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2025-69421"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2026-22795"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2026-22796"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "openssl vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2025-11187",
    "UBUNTU-CVE-2025-15467",
    "UBUNTU-CVE-2025-15468",
    "UBUNTU-CVE-2025-15469",
    "UBUNTU-CVE-2025-66199",
    "UBUNTU-CVE-2025-68160",
    "UBUNTU-CVE-2025-69418",
    "UBUNTU-CVE-2025-69419",
    "UBUNTU-CVE-2025-69420",
    "UBUNTU-CVE-2025-69421",
    "UBUNTU-CVE-2026-22795",
    "UBUNTU-CVE-2026-22796"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…