
Debian 11 OpenSSL Critical Fix - Denial of Service Issues DLA-4490-1

Debian LTS
February 24, 2026
Multiple security issues resolved in OpenSSL on Debian LTS that could lead to denial of service or memory corruption.
Aisle Research found multiple vulnerabilities in OpenSSL, a Secure Socket Layer toolkit providing the SSL and TLS cryptographic protocols for secure communication over the Internet.

Summary

CVE-2025-68160

Petr Simecek (Aisle Research) and Stanislav Fort (Aisle Research) found that
writing large, newline-free data into a BIO chain using the line-buffering
filter, where the next BIO performs short writes, can trigger a heap-based
out-of-bounds write. This out-of-bounds write can cause memory corruption,
which typically results in a crash, leading to Denial of Service for an
application.

CVE-2025-69418

Stanislav Fort (Aisle Research) found that, when the low-level OCB API is used
directly with AES-NI or other hardware-accelerated code paths, inputs whose
length is not a multiple of 16 bytes can leave the final partial block
unencrypted and unauthenticated. The trailing 1-15 bytes of a message may be
exposed in cleartext on encryption and are not covered by the authentication
tag, allowing an attacker to read or tamper with those bytes without detection.

CVE-2025-69419

Stanislav Fort (Aisle Research) found a maliciously crafted PKCS#12 file



Severity: Critical

Package: openssl
Version: 1.1.1w-0+deb11u5
CVE ID: CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420
Debian Bug:
