{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "3.1.8.tuxcare.els1-r0:\n - CVE-2025-15467\n - CVE-2025-69419\n - CVE-2025-69421", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771263055", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771263055" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/alpinelinux3.18els/advisories/2026/clsa-2026_1771263055.json" } ], "tracking": { "current_release_date": "2026-02-16T17:32:08Z", "generator": { "date": "2026-02-16T17:32:08Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1771263055", "initial_release_date": "2026-02-16T17:32:08Z", "revision_history": [ { "date": "2026-02-16T17:32:08Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "openssl: Fix of 3 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Alpine Linux 3.18", "product": { "name": "Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18", "product_identification_helper": { "cpe": "cpe:2.3:o:alpinelinux:alpine_linux:3.18:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Alpine Linux" } ], "category": "vendor", "name": "Alpine Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "product": { "name": "libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "product_id": "libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libcrypto3@3.1.8.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "product": { "name": "libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "product_id": "libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libssl3@3.1.8.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "product": { "name": "openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "product_id": "openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/openssl-dev@3.1.8.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64", "product": { "name": "openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64", "product_id": "openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/openssl-libs-static@3.1.8.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "product": { "name": "openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "product_id": "openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/openssl-doc@3.1.8.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-3.1.8.tuxcare.els1-rr0.x86_64", "product": { "name": "openssl-3.1.8.tuxcare.els1-rr0.x86_64", "product_id": "openssl-3.1.8.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/openssl@3.1.8.tuxcare.els1-rr0?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "product": { "name": "libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "product_id": "libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libcrypto3@3.1.8.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "product": { "name": "libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "product_id": "libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libssl3@3.1.8.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "product": { "name": "openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "product_id": "openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/openssl-dev@3.1.8.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "product": { "name": "openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "product_id": "openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/openssl-libs-static@3.1.8.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "product": { "name": "openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "product_id": "openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/openssl-doc@3.1.8.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "openssl-3.1.8.tuxcare.els1-rr0.aarch64", "product": { "name": "openssl-3.1.8.tuxcare.els1-rr0.aarch64", "product_id": "openssl-3.1.8.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/openssl@3.1.8.tuxcare.els1-rr0?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64" }, "product_reference": "libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64" }, "product_reference": "libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "libssl3-3.1.8.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.aarch64" }, "product_reference": "libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "libssl3-3.1.8.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.x86_64" }, "product_reference": "libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64" }, "product_reference": "openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64" }, "product_reference": "openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64" }, "product_reference": "openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64" }, "product_reference": "openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64" }, "product_reference": "openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64" }, "product_reference": "openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3.1.8.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.aarch64" }, "product_reference": "openssl-3.1.8.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3.1.8.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.x86_64" }, "product_reference": "openssl-3.1.8.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-15467", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-15467" } ], "release_date": "2026-01-27T14:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T17:30:58.564999Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771263055", "product_ids": [ "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771263055" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2025-69419", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "description", "text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\nOpenSSL 1.0.2 is not affected by this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-69419" } ], "release_date": "2026-01-27T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T17:30:58.564999Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771263055", "product_ids": [ "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771263055" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-69421", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-69421" }, { "category": "external", "summary": "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "url": "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b" }, { "category": "external", "summary": "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "url": "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7" }, { "category": "external", "summary": "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "url": "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd" }, { "category": "external", "summary": "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "url": "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3" }, { "category": "external", "summary": "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "url": "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c" }, { "category": "external", "summary": "https://openssl-library.org/news/secadv/20260127.txt", "url": "https://openssl-library.org/news/secadv/20260127.txt" } ], "release_date": "2026-01-27T16:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T17:30:58.564999Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771263055", "product_ids": [ "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771263055" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcrypto3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libssl3-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-dev-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-doc-3.1.8.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:openssl-libs-static-3.1.8.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }