CVE-2025-69418

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.1 through 3.6 OpenSSL version 1.0.2 is not affected

Description The issue relates to the handling of non-block-aligned input lengths when using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths. Specifically, inputs that are not a multiple of 16 bytes can result in the final partial block remaining unencrypted and unauthenticated. This can expose the trailing 1-15 bytes of a message in cleartext and bypass the authentication tag, potentially allowing an attacker to read or tamper with those bytes without detection. The vulnerability affects applications directly calling the CRYPTO ocb128 encrypt() or CRYPTO ocb128 decrypt() functions. Higher-level implementations like EVP are not affected. The issue was assessed as having low severity.

Recommendations OpenSSL versions 1.1.1 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.