{
  "threat_severity" : "Important",
  "public_date" : "2026-01-27T14:00:00Z",
  "bugzilla" : {
    "description" : "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
    "id" : "2430376",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-120",
  "details" : [ "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution." ],
  "statement" : "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled, which mitigate the risk of code execution, though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1472",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "openssl-1:3.5.1-7.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1496",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "openssl-1:3.2.2-16.el10_0.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1473",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "openssl-1:3.5.1-7.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1473",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "openssl-1:3.5.1-7.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-02-02T00:00:00Z",
    "advisory" : "RHSA-2026:1733",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "openssl-1:3.0.1-46.el9_0.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1594",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "openssl-1:3.0.7-18.el9_2.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1519",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "openssl-1:3.0.7-29.el9_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1503",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "openssl-1:3.2.2-7.el9_6.2"
  }, {
    "product_name" : "Red Hat JBoss Core Services 2.4.62.SP3",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2995",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1",
    "package" : "openssl"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.13",
    "release_date" : "2026-03-05T00:00:00Z",
    "advisory" : "RHSA-2026:3415",
    "cpe" : "cpe:/a:redhat:openshift:4.13::el9",
    "package" : "rhcos-413.92.202602240113-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.14",
    "release_date" : "2026-02-26T00:00:00Z",
    "advisory" : "RHSA-2026:2974",
    "cpe" : "cpe:/a:redhat:openshift:4.14::el9",
    "package" : "rhcos-414.92.202602171627-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.15",
    "release_date" : "2026-03-19T00:00:00Z",
    "advisory" : "RHSA-2026:4419",
    "cpe" : "cpe:/a:redhat:openshift:4.15::el9",
    "package" : "rhcos-415.92.202603101737-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.16",
    "release_date" : "2026-02-18T00:00:00Z",
    "advisory" : "RHSA-2026:2659",
    "cpe" : "cpe:/a:redhat:openshift:4.16::el9",
    "package" : "rhcos-416.94.202602101357-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.17",
    "release_date" : "2026-02-18T00:00:00Z",
    "advisory" : "RHSA-2026:2671",
    "cpe" : "cpe:/a:redhat:openshift:4.17::el9",
    "package" : "rhcos-417.94.202602090846-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.18",
    "release_date" : "2026-02-11T00:00:00Z",
    "advisory" : "RHSA-2026:2072",
    "cpe" : "cpe:/a:redhat:openshift:4.18::el9",
    "package" : "rhcos-418.94.202602022246-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.19",
    "release_date" : "2026-02-18T00:00:00Z",
    "advisory" : "RHSA-2026:2633",
    "cpe" : "cpe:/a:redhat:openshift:4.19::el9",
    "package" : "rhcos-4.19.9.6.202602112047-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.20",
    "release_date" : "2026-02-11T00:00:00Z",
    "advisory" : "RHSA-2026:2077",
    "cpe" : "cpe:/a:redhat:openshift:4.20::el9",
    "package" : "rhcos-4.20.9.6.202602050328-0"
  }, {
    "product_name" : "Service Interconnect 1 for RHEL 9",
    "release_date" : "2026-04-02T00:00:00Z",
    "advisory" : "RHSA-2026:6481",
    "cpe" : "cpe:/a:redhat:service_interconnect:1::el9",
    "package" : "service-interconnect/skupper-config-sync-rhel9:1.8.8-1"
  }, {
    "product_name" : "Service Interconnect 1 for RHEL 9",
    "release_date" : "2026-04-02T00:00:00Z",
    "advisory" : "RHSA-2026:6481",
    "cpe" : "cpe:/a:redhat:service_interconnect:1::el9",
    "package" : "service-interconnect/skupper-controller-podman-container-rhel9:1.8.8-1"
  }, {
    "product_name" : "Service Interconnect 1 for RHEL 9",
    "release_date" : "2026-04-02T00:00:00Z",
    "advisory" : "RHSA-2026:6481",
    "cpe" : "cpe:/a:redhat:service_interconnect:1::el9",
    "package" : "service-interconnect/skupper-controller-podman-rhel9:1.8.8-1"
  }, {
    "product_name" : "Service Interconnect 1 for RHEL 9",
    "release_date" : "2026-04-02T00:00:00Z",
    "advisory" : "RHSA-2026:6481",
    "cpe" : "cpe:/a:redhat:service_interconnect:1::el9",
    "package" : "service-interconnect/skupper-flow-collector-rhel9:1.8.8-1"
  }, {
    "product_name" : "Service Interconnect 1 for RHEL 9",
    "release_date" : "2026-04-02T00:00:00Z",
    "advisory" : "RHSA-2026:6481",
    "cpe" : "cpe:/a:redhat:service_interconnect:1::el9",
    "package" : "service-interconnect/skupper-operator-bundle:1.8.8-1"
  }, {
    "product_name" : "Service Interconnect 1 for RHEL 9",
    "release_date" : "2026-04-02T00:00:00Z",
    "advisory" : "RHSA-2026:6481",
    "cpe" : "cpe:/a:redhat:service_interconnect:1::el9",
    "package" : "service-interconnect/skupper-router-rhel9:2.7.6-5"
  }, {
    "product_name" : "Service Interconnect 1 for RHEL 9",
    "release_date" : "2026-04-02T00:00:00Z",
    "advisory" : "RHSA-2026:6481",
    "cpe" : "cpe:/a:redhat:service_interconnect:1::el9",
    "package" : "service-interconnect/skupper-service-controller-rhel9:1.8.8-1"
  }, {
    "product_name" : "Service Interconnect 1 for RHEL 9",
    "release_date" : "2026-04-02T00:00:00Z",
    "advisory" : "RHSA-2026:6481",
    "cpe" : "cpe:/a:redhat:service_interconnect:1::el9",
    "package" : "service-interconnect/skupper-site-controller-rhel9:1.8.8-1"
  }, {
    "product_name" : "Cost Management 4",
    "release_date" : "2026-02-24T00:00:00Z",
    "advisory" : "RHSA-2026:3228",
    "cpe" : "cpe:/a:redhat:cost_management:4::el9",
    "package" : "costmanagement/costmanagement-metrics-rhel9-operator:sha256:1dd05671a8614a4354d9ebf94673f9e1bfd7a38af7052c2a4b9a25264f3ee4e1"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2026-02-27T00:00:00Z",
    "advisory" : "RHSA-2026:3461",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/vllm-cuda-rhel9:sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.2",
    "release_date" : "2026-02-27T00:00:00Z",
    "advisory" : "RHSA-2026:3462",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.2::el9",
    "package" : "rhaiis/vllm-rocm-rhel9:sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "release_date" : "2026-02-02T00:00:00Z",
    "advisory" : "RHSA-2026:1736",
    "cpe" : "cpe:/a:redhat:discovery:2::el9",
    "package" : "discovery/discovery-server-rhel9:sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "release_date" : "2026-02-02T00:00:00Z",
    "advisory" : "RHSA-2026:1736",
    "cpe" : "cpe:/a:redhat:discovery:2::el9",
    "package" : "discovery/discovery-ui-rhel9:sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6"
  }, {
    "product_name" : "Red Hat Insights proxy 1.5",
    "release_date" : "2026-02-10T00:00:00Z",
    "advisory" : "RHSA-2026:2485",
    "cpe" : "cpe:/a:redhat:insights_proxy:1.5::el9",
    "package" : "insights-proxy/insights-proxy-container-rhel9:sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2844",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9",
    "package" : "devspaces/code-sshd-rhel9:sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2844",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9",
    "package" : "devspaces/configbump-rhel9:sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2844",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9",
    "package" : "devspaces/dashboard-rhel9:sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2844",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9",
    "package" : "devspaces/devspaces-rhel9-operator:sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2844",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9",
    "package" : "devspaces/imagepuller-rhel9:sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2844",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9",
    "package" : "devspaces/jetbrains-ide-rhel9:sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2844",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9",
    "package" : "devspaces/machineexec-rhel9:sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2844",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9",
    "package" : "devspaces/openvsx-rhel9:sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2844",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9",
    "package" : "devspaces/pluginregistry-rhel9:sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2844",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9",
    "package" : "devspaces/traefik-rhel9:sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-02-11T00:00:00Z",
    "advisory" : "RHSA-2026:2563",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/installer-rhel9:sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4943",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/cds-rhel9:sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4943",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/haproxy-rhel9:sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4943",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/rhua-rhel9:sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "edk2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "shim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "shim-unsigned-aarch64",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "shim-unsigned-x64",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "ovmf",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "compat-openssl10",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "edk2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "mingw-openssl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "shim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "shim-unsigned-x64",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "compat-openssl11",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "edk2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "shim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "shim-unsigned-aarch64",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "shim-unsigned-x64",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-15467\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15467" ],
  "name" : "CVE-2025-15467",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}