PT-2026-4941 · OpenSSL+6 · OpenSSL 3.2+13
Igor Ustinov +1 · Published 2025-01-01 · Updated 2026-05-08
CVE-2025-15467
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenSSL version 3.0
OpenSSL version 3.3
OpenSSL version 3.4
OpenSSL version 3.5
OpenSSL version 3.6
Description
Parsing CMS AuthEnvelopedData or EnvelopedData messages with maliciously crafted AEAD (Authenticated Encryption with Associated Data) parameters can trigger a stack buffer overflow. When processing CMS structures using AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying if its length fits the destination. This allows an attacker to provide a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services parsing untrusted CMS or PKCS#7 content, such as S/MIME, are affected. Since the overflow occurs prior to authentication, no valid key material is required to trigger the issue, which may lead to a crash causing Denial of Service or potentially remote code execution.
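The length check whose absence is described above, shown as an added illustration that is not OpenSSL's code. The function names, the 16-byte destination size, and the use of the RFC 5084 `GCMParameters` layout (a SEQUENCE whose first element is the nonce OCTET STRING) are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IV_BUF_LEN 16 /* assumed size of the fixed destination buffer */

/* Read one DER header with the expected tag; on success point *p at the
 * value and store its length. Rejects lengths that run past `end`. */
static int der_header(const uint8_t **p, const uint8_t *end,
                      uint8_t tag, size_t *len)
{
    const uint8_t *q = *p;
    if (end - q < 2 || q[0] != tag) return -1;
    size_t n = q[1];
    q += 2;
    if (n & 0x80) { /* long form: low 7 bits give the count of length bytes */
        size_t nbytes = n & 0x7f;
        if (nbytes == 0 || nbytes > sizeof n || (size_t)(end - q) < nbytes)
            return -1;
        for (n = 0; nbytes > 0; nbytes--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;
    *p = q; *len = n;
    return 0;
}

/* Parse GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING, ... } (RFC 5084)
 * and copy the nonce into iv[]. Returns the nonce length, or -1 on error. */
int extract_gcm_iv(const uint8_t *der, size_t der_len, uint8_t iv[IV_BUF_LEN])
{
    const uint8_t *p = der, *end = der + der_len;
    size_t seq_len, iv_len;
    if (der_header(&p, end, 0x30, &seq_len) != 0) return -1;
    end = p + seq_len; /* stay inside the SEQUENCE */
    if (der_header(&p, end, 0x04, &iv_len) != 0) return -1;
    /* The length comes from the untrusted message: bound it by the
     * destination before copying. Omitting this is the flaw described. */
    if (iv_len == 0 || iv_len > IV_BUF_LEN) return -1;
    memcpy(iv, p, iv_len);
    return (int)iv_len;
}

int main(void)
{
    /* Constructed sample: SEQUENCE { OCTET STRING of 12 bytes } */
    const uint8_t ok[] = {0x30, 0x0e, 0x04, 0x0c, 1,2,3,4,5,6,7,8,9,10,11,12};
    uint8_t iv[IV_BUF_LEN];
    printf("nonce length: %d\n", extract_gcm_iv(ok, sizeof ok, iv));
    return 0;
}
```

The parser rejects a declared nonce length larger than the buffer before any copy happens, and also rejects lengths that exceed the remaining input.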
Recommendations
Update OpenSSL version 3.0 to 3.0.19
Update OpenSSL version 3.3 to 3.3.6
Update OpenSSL version 3.4 to 3.4.4
Update OpenSSL version 3.5 to 3.5.5
Update OpenSSL version 3.6 to 3.6.1
Exploit · Fix · DoS · RCE · Memory Corruption
Affected Products
FreeBSD
IBM AIX
Linux Mint
OpenSSL 3.0
OpenSSL 3.1
OpenSSL 3.2
OpenSSL 3.3
OpenSSL 3.4
OpenSSL 3.5
OpenSSL 3.6
OpenSSL
RED OS
Rocky Linux
Ubuntu