PT-2026-4946 · Openssl · Openssl 3.5

Neil Horman +2

Published: 2025-01-01 · Updated: 2026-01-27 · CVE-2025-68160

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

OpenSSL versions 1.0.2 through 3.6
OpenSSL versions 1.1.1
OpenSSL versions 3.0 through 3.6
OpenSSL versions 3.3 through 3.6
OpenSSL versions 3.4 through 3.6
OpenSSL versions 3.5 through 3.6

Description

A heap-based out-of-bounds write can occur when writing large, newline-free data into a BIO chain utilizing the line-buffering filter, particularly when the subsequent BIO performs short writes. This memory corruption can lead to a denial of service. The line-buffering BIO filter (BIO_f_linebuffer) is not typically used in default TLS/SSL configurations. The issue is assessed as low severity due to the unlikely circumstances of attacker control and the filter's limited use with attacker-controlled data. The FIPS modules in versions 3.0, 3.3, 3.4, 3.5, and 3.6 are not affected as the BIO implementation is outside the FIPS module boundary.

Recommendations

OpenSSL version 1.0.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OpenSSL version 1.1.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OpenSSL versions 3.0 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OpenSSL versions 3.3 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OpenSSL versions 3.4 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OpenSSL versions 3.5 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2025-68160

Affected Products

Openssl 1.0.2
Openssl 1.1.1
Openssl 3.0
Openssl 3.3
Openssl 3.4
Openssl 3.5
Openssl 3.6