rpm package
suse/openssl-3&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP6
pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-69418 | Med | 4.0 | < 3.1.4-150600.5.42.1 | 3.1.4-150600.5.42.1 | Jan 27, 2026 | Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes | |
| CVE-2025-68160 | Med | 4.7 | < 3.1.4-150600.5.42.1 | 3.1.4-150600.5.42.1 | Jan 27, 2026 | Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in | |
| CVE-2025-15467 | Hig | 8.8 | < 3.1.4-150600.5.42.1 | 3.1.4-150600.5.42.1 | Jan 27, 2026 | Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When |
- affected < 3.1.4-150600.5.42.1fixed 3.1.4-150600.5.42.1
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes
- affected < 3.1.4-150600.5.42.1fixed 3.1.4-150600.5.42.1
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in
- affected < 3.1.4-150600.5.42.1fixed 3.1.4-150600.5.42.1
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When
Page 2 of 2