oss-sec: OpenSSL Security Advisory

Severity: Moderate
===============
- Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187)

Severity: High
===============
- Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)

Severity: Low
===============
- NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468)
- "openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469)
- TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199)
- Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
- Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
- Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
- Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
- NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
- Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
- ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)

seclists.org/oss-sec/2026/q1/1
