
The maintainers of OpenSSL, the cryptographic library, have released a security update addressing about a dozen vulnerabilities, including logic errors and memory-corruption bugs.
The most alarming discovery is CVE-2025-15467, a vulnerability rooted in the way OpenSSL processes Cryptographic Message Syntax (CMS) structures. Specifically, the flaw affects the handling of AuthEnvelopedData messages that use AEAD ciphers such as AES-GCM.
This bug is a high-severity stack buffer overflow that could allow remote attackers to execute code on vulnerable systems.
The advisory describes issues in several components, including PKCS#12 handling, CMS processing, and TLS 1.3 certificate handling.
The problem occurs when the library copies the initialization vector (IV) into a fixed-size buffer. The advisory states that processing a CMS AuthEnvelopedData message containing AEAD parameters can trigger a stack buffer overflow.
Because the library does not verify that the IV length fits the target buffer, an attacker can force a write past the bounds of the stack buffer. The resulting overflow can crash the process, causing a denial of service, or potentially lead to remote code execution.
Notably, this happens before the message is authenticated at all. As the advisory puts it: “Since the overflow occurs before authentication, no valid key material is needed to trigger it.”
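The defect described above is a missing bounds check on an attacker-controlled length before a copy into a fixed-size stack buffer. The following C snippet is an added illustration, not OpenSSL code and not the patch itself: it parses a constructed, length-prefixed IV blob (a simplification of real AEAD parameter encoding) and refuses the copy whenever the declared length exceeds either the input or the destination capacity. The buffer size, the blob layout, and the function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Capacity of the fixed stack buffer that receives the IV. This is an
 * assumption for the example; the advisory does not state OpenSSL's size. */
#define IV_BUF_MAX 16

/* Copy a length-prefixed IV from an untrusted parameter blob into dst.
 * Layout assumed for the example: params[0] = IV length, params[1..] = IV.
 * Returns the number of IV bytes copied, or -1 if the blob is truncated or
 * the declared IV would not fit in dst (the bound the advisory says was not
 * checked). Nothing is written to dst on failure. */
int copy_iv_checked(const uint8_t *params, size_t params_len,
                    uint8_t *dst, size_t dst_cap)
{
    if (params == NULL || dst == NULL || params_len < 1)
        return -1;
    size_t iv_len = params[0];
    if (iv_len == 0 || iv_len > params_len - 1)  /* declared length exceeds input */
        return -1;
    if (iv_len > dst_cap)                        /* would overrun the stack buffer */
        return -1;
    memcpy(dst, params + 1, iv_len);
    return (int)iv_len;
}

/* Constructed sample: a well-formed 12-byte (96-bit) GCM nonce. */
int demo_valid(void)
{
    uint8_t iv[IV_BUF_MAX];
    const uint8_t params[] = {12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
    return copy_iv_checked(params, sizeof params, iv, sizeof iv);
}

/* Constructed sample: the blob declares a 32-byte IV that is fully present in
 * the input but larger than the 16-byte destination; it must be rejected. */
int demo_oversized(void)
{
    uint8_t iv[IV_BUF_MAX];
    uint8_t params[33];
    params[0] = 32;
    memset(params + 1, 0xAA, 32);
    return copy_iv_checked(params, sizeof params, iv, sizeof iv);
}

/* Constructed sample: declared length 12 but only 4 bytes follow. */
int demo_truncated(void)
{
    uint8_t iv[IV_BUF_MAX];
    const uint8_t params[] = {12, 1, 2, 3, 4};
    return copy_iv_checked(params, sizeof params, iv, sizeof iv);
}

int main(void)
{
    printf("valid:     %d\n", demo_valid());      /* 12 */
    printf("oversized: %d\n", demo_oversized());  /* -1 */
    printf("truncated: %d\n", demo_truncated());  /* -1 */
    return 0;
}
```

The two rejection paths are deliberately separate: the first guards against reading past the end of the input, the second against writing past the end of the destination. Only the second corresponds to the missing check the advisory describes, but a parser that validates a length against one bound and not the other is still unsafe, so both belong in any review of length-prefixed parsing code.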
Several OpenSSL release lines, including the latest 3.x series, are affected. To address these risks, the maintainers have released the following updates:
The update also fixes ten low-severity vulnerabilities that could lead to crashes or minor data-integrity issues. The most significant of these include:
Users of older release lines covered by premium support (1.1.1 and 1.0.2) receive dedicated patches for the specific vulnerabilities affecting them.
