rpm package
almalinux/compat-openssl11
pkg:rpm/almalinux/compat-openssl11
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-28390 | Hig | 7.5 | < 1:1.1.1k-5.el9_8.3 | 1:1.1.1k-5.el9_8.3 | Apr 7, 2026 | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur | |
| CVE-2025-69419 | Hig | 7.4 | < 1:1.1.1k-5.el9_8.2 | 1:1.1.1k-5.el9_8.2 | Jan 27, 2026 | Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cau | |
| CVE-2023-0286 | Hig | 7.4 | < 1:1.1.1k-5.el9_6.1 | 1:1.1.1k-5.el9_6.1 | Feb 8, 2023 | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This |
- affected < 1:1.1.1k-5.el9_8.3fixed 1:1.1.1k-5.el9_8.3
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur
- affected < 1:1.1.1k-5.el9_8.2fixed 1:1.1.1k-5.el9_8.2
Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cau
- affected < 1:1.1.1k-5.el9_6.1fixed 1:1.1.1k-5.el9_6.1
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This