VuXML: OpenSSL -- Multiple vulnerabilities

Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187)

Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)

NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468)

"openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469)

TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199)

Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)

Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)

Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)

Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)

NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)

[source]

References

CVE Name

CVE-2025-11187

CVE Name

CVE-2025-15467

CVE Name

CVE-2025-15468

CVE Name

CVE-2025-15469

CVE Name

CVE-2025-66199

CVE Name

CVE-2025-68160

CVE Name

CVE-2025-69418

CVE Name

CVE-2025-69419

CVE Name

CVE-2025-69420

CVE Name

CVE-2025-69421

FreeBSD Advisory

SA-26:01.openssl

URL

https://openssl-library.org/news/secadv/20260127.txt