openssl-3 (SUSE:Linux Micro 6.2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Micro 6.2 package openssl-3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (22)
CVE-2026-31789 — CVSS 9.8 (critical): Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit…
CVE-2025-15467 — CVSS 8.8 (high): Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer…
CVE-2026-28387 — CVSS 8.1 (high): Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE…
CVE-2026-28389 — CVSS 7.5 (high): Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen…
CVE-2026-28388 — CVSS 7.5 (high): Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the…
CVE-2025-69420 — CVSS 7.5 (high): Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is…
CVE-2025-69421 — CVSS 7.5 (high): Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function…
CVE-2025-9230 — CVSS 7.5 (high): Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read…
CVE-2026-31790 — CVSS 7.5 (high): Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized…
CVE-2026-28390 — CVSS 7.5 (high): Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can…
CVE-2025-69419 — CVSS 7.4 (high): Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name…
CVE-2025-9231 — CVSS 6.5 (medium): Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm…
CVE-2026-2673 — CVSS 6.5 (medium): Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group…
CVE-2025-11187 — CVSS 6.1 (medium): Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer…
CVE-2025-66199 — CVSS 5.9 (medium): Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without…
CVE-2025-9232 — CVSS 5.9 (medium): Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment…
CVE-2025-15468 — CVSS 5.9 (medium): Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite…
CVE-2026-22795 — CVSS 5.5 (medium): Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An…
CVE-2025-15469 — CVSS 5.5 (medium): Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and…
CVE-2026-22796 — CVSS 5.3 (medium): Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is…
CVE-2025-68160 — CVSS 4.7 (medium): Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes…
CVE-2025-69418 — CVSS 4.0 (medium): Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is…