{
  "document": {
    "aggregate_severity": {
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "CVE-2021-3711: fix SM2 decryption buffer overflow; check the plaintext buffer\n  is large enough when decrypting SM2; add extended tests for SM2\n- CVE-2022-3996: fix X.509 policy constraints double-locking denial of service\n- CVE-2023-0464: fix excessive resource use verifying X.509 policy constraints\n- CVE-2023-0466: fix X509_VERIFY_PARAM_add0_policy() does not enable policy check\n- CVE-2023-2650: restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt translates\n- CVE-2024-13176: fix timing side-channel in ECDSA signature computation\n- CVE-2024-5535: validate provided client list in SSL_select_next_proto\n- CVE-2025-9230: fix out-of-bounds read and write in RFC 3211 KEK unwrap\n- CVE-2025-69419: fix one-byte write-before-buffer in PKCS#12 BMPString conversion\n- CVE-2025-69421: fix NULL dereference in PKCS12_item_decrypt_d2i_ex()\n- CVE-2026-28387: fix use-after-free / double-free in dane_match()\n- CVE-2026-28388: fix NULL dereference in check_delta_base()\n- CVE-2026-28389: fix NULL dereference in dh/ecdh_cms_set_shared_info()\n- CVE-2026-28390: fix NULL dereference in rsa_cms_decrypt()",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/advisories/2026/clsa-2026_1780682108.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-06-08T09:32:00Z",
      "generator": {
        "date": "2026-06-08T09:32:00Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1780682108",
      "initial_release_date": "2026-06-05T17:55:29Z",
      "revision_history": [
        {
          "date": "2026-06-05T17:55:29Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-08T09:32:00Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "openssl11: Fix of 9 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Linux 7",
                "product": {
                  "name": "Oracle Linux 7",
                  "product_id": "Oracle-Linux-7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Oracle Linux"
          }
        ],
        "category": "vendor",
        "name": "Oracle Corporation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                "product": {
                  "name": "openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                  "product_id": "openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/openssl11@1.1.1k-7.el7.tuxcare.els1?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                "product": {
                  "name": "openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                  "product_id": "openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/openssl11-devel@1.1.1k-7.el7.tuxcare.els1?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                "product": {
                  "name": "openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                  "product_id": "openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/openssl11-static@1.1.1k-7.el7.tuxcare.els1?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                "product": {
                  "name": "openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                  "product_id": "openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/openssl11-libs@1.1.1k-7.el7.tuxcare.els1?arch=x86_64&epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        },
        "product_reference": "openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        },
        "product_reference": "openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        },
        "product_reference": "openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        },
        "product_reference": "openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-69419",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "notes": [
        {
          "category": "description",
          "text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\nOpenSSL 1.0.2 is not affected by this issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-69419"
        }
      ],
      "release_date": "2026-01-27T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-05T17:55:29.202135Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108",
          "product_ids": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-28389",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-28389"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5",
          "url": "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616",
          "url": "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f",
          "url": "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a",
          "url": "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686",
          "url": "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686"
        },
        {
          "category": "external",
          "summary": "https://openssl-library.org/news/secadv/20260407.txt",
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "category": "external",
          "summary": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html",
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "category": "external",
          "summary": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html",
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        }
      ],
      "release_date": "2026-04-07T22:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-05T17:55:29.202135Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108",
          "product_ids": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-28390",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-28390"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc",
          "url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6",
          "url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4",
          "url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788",
          "url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75",
          "url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
        },
        {
          "category": "external",
          "summary": "https://openssl-library.org/news/secadv/20260407.txt",
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "category": "external",
          "summary": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html",
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "category": "external",
          "summary": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html",
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        }
      ],
      "release_date": "2026-04-07T22:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-05T17:55:29.202135Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108",
          "product_ids": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-28388",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-28388"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e",
          "url": "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139",
          "url": "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3",
          "url": "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8",
          "url": "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726",
          "url": "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726"
        },
        {
          "category": "external",
          "summary": "https://openssl-library.org/news/secadv/20260407.txt",
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "category": "external",
          "summary": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html",
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "category": "external",
          "summary": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html",
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        }
      ],
      "release_date": "2026-04-07T22:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-05T17:55:29.202135Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108",
          "product_ids": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-69421",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-69421"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b",
          "url": "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7",
          "url": "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd",
          "url": "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3",
          "url": "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c",
          "url": "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c"
        },
        {
          "category": "external",
          "summary": "https://openssl-library.org/news/secadv/20260127.txt",
          "url": "https://openssl-library.org/news/secadv/20260127.txt"
        },
        {
          "category": "external",
          "summary": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html",
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        }
      ],
      "release_date": "2026-01-27T16:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-05T17:55:29.202135Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108",
          "product_ids": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-28387",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0)/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages.  These SMTP (or other similar) clients are not vulnerable\nto this issue.  Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue; the problem code is outside the\nFIPS module boundary.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-28387"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b",
          "url": "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe",
          "url": "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3",
          "url": "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7",
          "url": "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177",
          "url": "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177"
        },
        {
          "category": "external",
          "summary": "https://openssl-library.org/news/secadv/20260407.txt",
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "category": "external",
          "summary": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html",
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
        },
        {
          "category": "external",
          "summary": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html",
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
        }
      ],
      "release_date": "2026-04-07T22:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-05T17:55:29.202135Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108",
          "product_ids": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2023-0464",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "A security vulnerability has been identified in all supported versions\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints.  Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-0464"
        },
        {
          "category": "external",
          "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545",
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545"
        },
        {
          "category": "external",
          "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e",
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e"
        },
        {
          "category": "external",
          "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b",
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b"
        },
        {
          "category": "external",
          "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1",
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html",
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202402-08",
          "url": "https://security.gentoo.org/glsa/202402-08"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20240621-0006/",
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        },
        {
          "category": "external",
          "summary": "https://www.couchbase.com/alerts/",
          "url": "https://www.couchbase.com/alerts/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2023/dsa-5417",
          "url": "https://www.debian.org/security/2023/dsa-5417"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20230322.txt",
          "url": "https://www.openssl.org/news/secadv/20230322.txt"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20230406-0006/",
          "url": "https://security.netapp.com/advisory/ntap-20230406-0006/"
        }
      ],
      "release_date": "2023-03-22T17:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-05T17:55:29.202135Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108",
          "product_ids": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2022-3996",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "description",
          "text": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively.  On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs.  Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-3996"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7",
          "url": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20221213.txt",
          "url": "https://www.openssl.org/news/secadv/20221213.txt"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20230203-0003/",
          "url": "https://security.netapp.com/advisory/ntap-20230203-0003/"
        }
      ],
      "release_date": "2022-12-13T16:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-05T17:55:29.202135Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108",
          "product_ids": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2021-3711",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
      },
      "notes": [
        {
          "category": "description",
          "text": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
          "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2021-3711"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2021/08/26/2",
          "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
        },
        {
          "category": "external",
          "summary": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "category": "external",
          "summary": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46",
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E",
          "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E",
          "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202209-02",
          "url": "https://security.gentoo.org/glsa/202209-02"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202210-02",
          "url": "https://security.gentoo.org/glsa/202210-02"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20210827-0010/",
          "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20211022-0003/",
          "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20240621-0006/",
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2021/dsa-4963",
          "url": "https://www.debian.org/security/2021/dsa-4963"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20210824.txt",
          "url": "https://www.openssl.org/news/secadv/20210824.txt"
        },
        {
          "category": "external",
          "summary": "https://www.oracle.com/security-alerts/cpuapr2022.html",
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "category": "external",
          "summary": "https://www.oracle.com/security-alerts/cpujan2022.html",
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "category": "external",
          "summary": "https://www.oracle.com/security-alerts/cpuoct2021.html",
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/security/tns-2021-16",
          "url": "https://www.tenable.com/security/tns-2021-16"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/security/tns-2022-02",
          "url": "https://www.tenable.com/security/tns-2022-02"
        }
      ],
      "release_date": "2021-08-24T15:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-05T17:55:29.202135Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108",
          "product_ids": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780682108"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64",
            "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ]
    }
  ]
}