{ "threat_severity" : "Low", "public_date" : "2026-01-27T00:00:00Z", "bugzilla" : { "description" : "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling", "id" : "2430377", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2430377" }, "cvss3" : { "cvss3_base_score" : "5.9", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS)." ], "statement" : "This vulnerability is rated Low for Red Hat. The NULL pointer dereference in the `SSL_CIPHER_find()` function, affecting OpenSSL versions 3.3, 3.4, 3.5, and 3.6, occurs only when applications utilizing the QUIC protocol uncommonly invoke this function from the `client_hello_cb` callback with an unknown cipher ID. This specific usage pattern and the resulting Denial of Service limit the overall impact in the Red Hat context.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1472", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "openssl-1:3.5.1-7.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1473", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "openssl-1:3.5.1-7.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1473", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "openssl-1:3.5.1-7.el9_7" }, { "product_name" : "Cost Management 4", "release_date" : "2026-02-24T00:00:00Z", "advisory" : "RHSA-2026:3228", "cpe" : "cpe:/a:redhat:cost_management:4::el9", "package" : "costmanagement/costmanagement-metrics-rhel9-operator:sha256:1dd05671a8614a4354d9ebf94673f9e1bfd7a38af7052c2a4b9a25264f3ee4e1" }, { "product_name" : "Red Hat Discovery 2", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1736", "cpe" : "cpe:/a:redhat:discovery:2::el9", "package" : "discovery/discovery-server-rhel9:sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8" }, { "product_name" : "Red Hat Discovery 2", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1736", "cpe" : "cpe:/a:redhat:discovery:2::el9", "package" : "discovery/discovery-ui-rhel9:sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6" }, { "product_name" : "Red Hat Insights proxy 1.5", "release_date" : "2026-02-10T00:00:00Z", "advisory" : "RHSA-2026:2485", "cpe" : "cpe:/a:redhat:insights_proxy:1.5::el9", "package" : "insights-proxy/insights-proxy-container-rhel9:sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2563", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/installer-rhel9:sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4943", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/cds-rhel9:sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4943", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/haproxy-rhel9:sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4943", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/rhua-rhel9:sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "edk2", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "shim", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "shim-unsigned-aarch64", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "shim-unsigned-x64", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Fix deferred", "package_name" : "openssl", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "openssl", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "ovmf", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "compat-openssl10", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "edk2", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "mingw-openssl", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "openssl", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "shim", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "shim-unsigned-x64", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "compat-openssl11", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "edk2", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "shim", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "shim-unsigned-aarch64", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "shim-unsigned-x64", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat JBoss Core Services", "fix_state" : "Fix deferred", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_core_services:1" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "rhcos", "cpe" : "cpe:/a:redhat:openshift:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-15468\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15468" ], "name" : "CVE-2025-15468", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "lang" : "en:us" }, "csaw" : false }