rpm package
suse/openssl-3&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-15467 | Hig | 8.8 | < 3.0.8-150500.5.57.1 | 3.0.8-150500.5.57.1 | Jan 27, 2026 | Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When | |
| CVE-2025-9230 | Hig | 7.5 | < 3.0.8-150500.5.54.1 | 3.0.8-150500.5.54.1 | Sep 30, 2025 | Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds | |
| CVE-2024-13176 | Med | 4.1 | < 3.0.8-150500.5.51.1 | 3.0.8-150500.5.51.1 | Jan 20, 2025 | Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measurin |
- affected < 3.0.8-150500.5.57.1fixed 3.0.8-150500.5.57.1
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When
- affected < 3.0.8-150500.5.54.1fixed 3.0.8-150500.5.54.1
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds
- affected < 3.0.8-150500.5.51.1fixed 3.0.8-150500.5.51.1
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measurin
Page 2 of 2