Stanislav Fort

Name of the Vulnerable Software and Affected Versions OpenSSL FIPS Module version 3.6 Description Applications utilizing AES-CFB128 encryption or decryption on systems equipped with AVX-512 and VAES support may experience an out-of-bounds read of up to 15 bytes when handling partial cipher blocks. This can lead to a denial of service if the input buffer is at a memory page boundary and the subsequent page is unmapped. The issue occurs only when processing partial blocks and on x86-64 systems with AVX-512 and VAES instruction support. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC for Android versions prior to 3.7.0 **Description** The software contains a path traversal issue in the Remote Access Server routing for the authenticated endpoint ''/download''. The `file` query parameter is combined into a filesystem path without proper validation, potentially allowing a network-based attacker to request files outside the intended directory. The impact is limited by Android’s security features, typically restricting access to app-internal and app-specific external storage. **Recommendations** Update VideoLAN VLC for Android to version 3.7.0 or later.

**Name of the Vulnerable Software and Affected Versions** ESF-IDF versions 5.5.1 through 5.1.6 **Description** ESF-IDF, the Espressif Internet of Things (IOT) Development Framework, contains a flaw in the `avrc vendor msg()` function within the BlueDroid AVRCP stack. The function validates the allocated buffer size using `AVRC MIN CMD LEN` (20 bytes), but the fixed header data written before the vendor payload exceeds this value, totaling 29 bytes before `p msg->p vendor data` is copied. This discrepancy can lead to an out-of-bounds write when `vendor len` approaches the buffer limit, potentially causing memory corruption, crashes, or undefined behavior. The overflow may be larger when assertions are disabled. **Recommendations** Versions 5.1.6 and earlier: Update to a version later than 5.1.6. Versions 5.5.1, 5.4.3, 5.3.4, and 5.2.6: Update to a version later than 5.5.1, 5.4.3, 5.3.4, and 5.2.6 respectively. As a temporary workaround, consider disabling the AVRCP stack or restricting the use of the `avrc vendor msg()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** curl (affected versions not specified) **Description** The software lacks proper host verification when establishing SSH connections for SFTP operations using the wolfSSH backend. This flaw allows for man-in-the-middle (MITM) attacks to go undetected, as any host key is accepted. The issue stems from a flaw in the code managing SSH connections. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2.3 **Description** A stack buffer overwrite can occur on the SFTP server side when receiving a malicious packet. The issue arises when the packet's handle size exceeds the system handle or file descriptor size, but remains within the maximum allowed handle size. This could potentially allow for unauthorized access or control. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** OpenSSL versions prior to 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd, and 1.0.2zm. **Description:** OpenSSL contains vulnerabilities due to out-of-bounds read and write issues. Specifically, an out-of-bounds read and write can occur when decrypting CMS messages encrypted using password-based encryption, potentially leading to a crash or memory corruption. Additionally, an out-of-bounds read can occur in the HTTP client API functions when the 'no proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. The FIPS modules in OpenSSL versions 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected. **Recommendations:** Upgrade OpenSSL to version 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd, or 1.0.2zm to address these vulnerabilities.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 3.0.17-1~deb12u3 OpenSSL versions prior to 3.5.1-1+deb13u1 OpenSSL versions prior to 3.5.4 OpenSSL versions prior to 3.4.3 OpenSSL versions prior to 3.3.5 OpenSSL versions prior to 3.2.6 **Description** A timing side-channel exists in the SM2 algorithm implementation on 64-bit ARM platforms. This issue could potentially allow a remote attacker to recover the private key through precise timing measurements. While remote key recovery over a network has not been demonstrated, timing measurements have revealed a timing signal that may enable such an attack. The vulnerability is considered a moderate severity issue, particularly in scenarios where support for SM2 certificates is added via a custom provider. The FIPS modules in OpenSSL versions 3.0, 3.1, 3.2, 3.3, 3.4, and 3.5 are not affected, as SM2 is not an approved algorithm. **Recommendations** Upgrade OpenSSL to version 3.0.17-1~deb12u3 or later. Upgrade OpenSSL to version 3.5.1-1+deb13u1 or later. Upgrade OpenSSL to version 3.5.4 or later. Upgrade OpenSSL to version 3.4.3 or later. Upgrade OpenSSL to version 3.3.5 or later. Upgrade OpenSSL to version 3.2.6 or later.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 3.0.16 through 3.5.0 EDK II (affected versions not specified) **Description** An issue has been identified in OpenSSL where an application using the HTTP client API functions may trigger an out-of-bounds read if the `no proxy` environment variable is set and the host portion of the HTTP URL is an IPv6 address. This can lead to a denial of service for the application. The vulnerable code was introduced in releases 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0, and 3.5.0. The FIPS modules are not affected, as the HTTP client implementation is outside the FIPS module boundary. The vulnerability requires an attacker-controlled URL to be passed to the OpenSSL function and the user must have the `no proxy` environment variable set. The issue was assessed as having low severity. The HTTP client API functions are used directly by applications and also by the OCSP and CMP client implementations within OpenSSL, though URLs used by these implementations are unlikely to be controlled by an attacker. **Recommendations** OpenSSL versions 3.0.16 through 3.0.17-1~deb12u3 OpenSSL versions 3.1.8 through 3.5.1-1+deb13u1 OpenSSL versions 3.2.4 through 3.5.1-1+deb13u1 OpenSSL versions 3.3.3 through 3.5.1-1+deb13u1 OpenSSL versions 3.4.0 through 3.5.1-1+deb13u1 OpenSSL version 3.5.0 through 3.5.1-1+deb13u1 As a temporary workaround, consider disabling the use of the HTTP client API functions if possible. Restrict access to the vulnerable functions `HTTP client API functions` to minimize the risk of exploitation. Avoid setting the `no proxy` environment variable if not required.

**Name of the Vulnerable Software and Affected Versions** libcurl versions prior to 7.87.0-150400.7.26.1 openSUSE Leap 15.6 (affected versions not specified) SUSE Linux Enterprise Server 15 SP4 (affected versions not specified) **Description** The issue relates to libcurl's handling of TLS options during multi-threaded LDAPS (LDAP over TLS) transfers. Modifying TLS options within one thread unintentionally alters them globally, potentially impacting other concurrent transfers. Specifically, disabling certificate verification for a single transfer could inadvertently disable it for all threads. This could lead to insecure connections and potential compromise of sensitive data. The issue is also described as a heap buffer overflow in curl, potentially allowing Remote Code Execution (RCE) via malicious SOCKS5 proxy responses. **Recommendations** Update libcurl to version 7.87.0-150400.7.26.1 or later. Apply the security update SUSE-2026-0078-1. Update openSUSE Leap 15.6 to the latest available version. Update SUSE Linux Enterprise Server 15 SP4 to the latest available version.

**Name of the Vulnerable Software and Affected Versions** curl (affected versions not specified) **Description** The curl software is subject to a security issue. Details regarding the nature of the issue are not available from the provided information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libcurl (affected versions not specified) **Description** When utilizing the `CURLOPT PINNEDPUBLICKEY` option in libcurl or the `--pinnedpubkey` option with the curl tool, the software should verify the server certificate's public key to confirm the peer's identity. A condition existed where this check was bypassed, allowing connections without proper verification and potentially enabling connections to an impostor. This occurred specifically when using QUIC with ngtcp2 built to use GnuTLS, and when standard certificate verification was explicitly disabled. The vulnerable component is the public key verification process when using pinned public keys. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** curl versions prior to 8.17.0 **Description** The software is susceptible to a path traversal issue when handling URLs with percent-encoded slashes. This could allow an attacker to access files outside the intended directory. **Recommendations** Update to curl version 8.17.0 or later.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 3.4.0 through 3.6.0 **Description** The vulnerability relates to improper validation of PBMAC1 parameters within PKCS#12 files. Specifically, the PBKDF2 salt and keylength parameters are used without sufficient validation during MAC verification. If the `keylength` value exceeds the size of a fixed stack buffer (64 bytes), a stack-based buffer overflow can occur. Additionally, if the `salt` parameter is not an OCTET STRING type, it can lead to an invalid or NULL pointer dereference. Exploitation requires processing a maliciously crafted PKCS#12 file. This can result in a denial of service (DoS) due to application crashes, and potentially enable code execution depending on platform mitigations. The FIPS modules in versions 3.6, 3.5, and 3.4 are not affected, as PKCS#12 processing falls outside the FIPS module boundary. The vulnerability is triggered when verifying a PKCS#12 file that uses PBMAC1 for the MAC. Attackers can deliver a malicious .p12/.pfx file to systems that import or validate PKCS#12 files from external sources. **Recommendations** Upgrade to OpenSSL version 3.4.1, 3.5.1, or 3.6.1 or later. Restrict or disable PKCS#12 import/upload features where feasible. Add strict validation controls, including file size limits and content-type enforcement. Isolate PKCS#12 parsing into a sandboxed or helper process. Monitor for crashes or segmentation faults in certificate-handling components and OpenSSL error patterns related to PKCS#12 verification. Identify all services that parse .p12/.pfx files.

**Name of the Vulnerable Software and Affected Versions** OpenSSL version 3.0 OpenSSL version 3.3 OpenSSL version 3.4 OpenSSL version 3.5 OpenSSL version 3.6 **Description** Parsing CMS AuthEnvelopedData or EnvelopedData messages with maliciously crafted AEAD (Authenticated Encryption with Associated Data) parameters can trigger a stack buffer overflow. When processing CMS structures using AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying if its length fits the destination. This allows an attacker to provide a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services parsing untrusted CMS or PKCS#7 content, such as S/MIME, are affected. Since the overflow occurs prior to authentication, no valid key material is required to trigger the issue, which may lead to a crash causing Denial of Service or potentially remote code execution. **Recommendations** Update OpenSSL version 3.0 to 3.0.19 Update OpenSSL version 3.3 to 3.3.6 Update OpenSSL version 3.4 to 3.4.4 Update OpenSSL version 3.5 to 3.5.5 Update OpenSSL version 3.6 to 3.6.1

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 3.3 through 3.6 **Description** A flaw exists in OpenSSL where the `SSL CIPHER find()` function, when used in a QUIC protocol client or server, can experience a NULL pointer dereference if it receives an unknown cipher suite from its peer. This can lead to a denial of service, causing the process to terminate unexpectedly. The issue was introduced with the addition of QUIC protocol support in version 3.2. The FIPS modules in versions 3.6, 3.5, 3.4, and 3.3 are not affected as the QUIC implementation is outside the OpenSSL FIPS module boundary. The vulnerable function is `SSL CIPHER find()`. **Recommendations** OpenSSL versions 3.3 through 3.6 should be updated to a fixed version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 3.5 and 3.6 **Description** The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. This can lead a user to believe an entire file is authenticated when trailing data beyond 16MB remains unauthenticated. The issue affects only the command-line tool behavior and does not impact verifiers that process the full message using library APIs. Streaming digest algorithms for 'openssl dgst' and library users are also unaffected. The issue occurs when using one-shot signing algorithms such as Ed25519, Ed448, or ML-DSA. The tool truncates the input to the first 16MB and continues without signaling an error, creating an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath. **Recommendations** OpenSSL version 3.5: Avoid signing or verifying files larger than 16MB with one-shot signing algorithms using the 'openssl dgst' command-line tool. OpenSSL version 3.6: Avoid signing or verifying files larger than 16MB with one-shot signing algorithms using the 'openssl dgst' command-line tool.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 3.3 through 3.6 **Description** A TLS 1.3 connection utilizing certificate compression can be manipulated to allocate a substantial buffer prior to decompression, bypassing the configured certificate size limit. This can lead to per-connection memory allocations of approximately 22 MiB and increased CPU usage, potentially causing service degradation or denial of service. The issue arises from the uncompressed certificate length supplied by the peer in a CompressedCertificate message being used to expand a heap buffer without being constrained by the `max cert list` setting. This affects clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate. Servers that do not request client certificates are not susceptible to client-initiated attacks. **Recommendations** OpenSSL version 3.3: Set SSL OP NO RX CERTIFICATE COMPRESSION to disable receiving compressed certificates. OpenSSL version 3.4: Set SSL OP NO RX CERTIFICATE COMPRESSION to disable receiving compressed certificates. OpenSSL version 3.5: Set SSL OP NO RX CERTIFICATE COMPRESSION to disable receiving compressed certificates. OpenSSL version 3.6: Set SSL OP NO RX CERTIFICATE COMPRESSION to disable receiving compressed certificates.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.0.2 through 3.6 OpenSSL versions 1.1.1 OpenSSL versions 3.0 through 3.6 OpenSSL versions 3.3 through 3.6 OpenSSL versions 3.4 through 3.6 OpenSSL versions 3.5 through 3.6 **Description** A heap-based out-of-bounds write can occur when writing large, newline-free data into a BIO chain utilizing the line-buffering filter, particularly when the subsequent BIO performs short writes. This memory corruption can lead to a denial of service. The line-buffering BIO filter (BIO f linebuffer) is not typically used in default TLS/SSL configurations. The issue is assessed as low severity due to the unlikely circumstances of attacker control and the filter's limited use with attacker-controlled data. The FIPS modules in versions 3.0, 3.3, 3.4, 3.5, and 3.6 are not affected as the BIO implementation is outside the FIPS module boundary. **Recommendations** OpenSSL version 1.0.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL version 1.1.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL versions 3.0 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL versions 3.3 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL versions 3.4 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL versions 3.5 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.1.1 through 3.6 OpenSSL version 1.0.2 is not affected **Description** The issue relates to the handling of non-block-aligned input lengths when using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths. Specifically, inputs that are not a multiple of 16 bytes can result in the final partial block remaining unencrypted and unauthenticated. This can expose the trailing 1-15 bytes of a message in cleartext and bypass the authentication tag, potentially allowing an attacker to read or tamper with those bytes without detection. The vulnerability affects applications directly calling the `CRYPTO ocb128 encrypt()` or `CRYPTO ocb128 decrypt()` functions. Higher-level implementations like EVP are not affected. The issue was assessed as having low severity. **Recommendations** OpenSSL versions 1.1.1 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.1.1, 3.0, 3.3, 3.4, 3.5 and 3.6 **Description** A flaw exists in the handling of maliciously crafted PKCS#12 files when using the `PKCS12 get friendlyname()` API. Specifically, processing a PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code points can lead to a one-byte write before the allocated buffer. This out-of-bounds write can cause memory corruption, potentially resulting in a Denial of Service. The issue stems from an incorrect capacity calculation within the `bmp to utf8()` function during the UTF-16 to UTF-8 conversion process, specifically when handling BMP code points above U+07FF. The `OPENSSL uni2utf8()` function is involved in this conversion. The vulnerability is triggered when parsing attacker-controlled PKCS#12 files via the public `PKCS12 get friendlyname()` API. The FIPS modules in versions 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected. **Recommendations** OpenSSL version 1.1.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL version 3.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL version 3.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL version 3.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL version 3.5: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL version 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.