VYPR

rpm package

suse/openssl-3-livepatches&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/openssl-3-livepatches&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (6)

  • CVE-2026-45447 (High), Jun 9, 2026
    affected < 0.4-150600.13.11.1, fixed 0.4-150600.13.11.1

    Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#

  • CVE-2025-15467 (High), Jan 27, 2026
    affected < 0.4-150600.13.11.1, fixed 0.4-150600.13.11.1

    Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When

  • CVE-2025-15468, Jan 27, 2026
    affected < 0.4-150600.13.11.1, fixed 0.4-150600.13.11.1

    Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process ca

  • CVE-2025-11187, Jan 27, 2026
    affected < 0.4-150600.13.11.1, fixed 0.4-150600.13.11.1

    Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash

  • CVE-2025-9230 (High), Sep 30, 2025
    affected < 0.2-150600.13.8.1, fixed 0.2-150600.13.8.1

    Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds

  • CVE-2024-5535 (Critical), Jun 27, 2024
    affected < 0.1-150600.13.3.1, fixed 0.1-150600.13.3.1

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected appl