CVE-2025-68160

{"id": "CVE-2025-68160", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2026-01-27T16:16:15.900", "references": [{"url": "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", "tags": ["Patch"], "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", "tags": ["Patch"], "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", "tags": ["Patch"], "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", "tags": ["Patch"], "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", "tags": ["Patch"], "source": "openssl-security@openssl.org"}, {"url": "https://openssl-library.org/news/secadv/20260127.txt", "tags": ["Vendor Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "openssl-security@openssl.org", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."}, {"lang": "es", "value": "Resumen del problema: Escribir datos grandes y sin saltos de l\u00ednea en una cadena BIO usando el filtro de b\u00fafer de l\u00ednea, donde el siguiente BIO realiza escrituras cortas, puede desencadenar una escritura fuera de l\u00edmites basada en el mont\u00f3n.\n\nResumen del impacto: Esta escritura fuera de l\u00edmites puede causar corrupci\u00f3n de memoria, lo que t\u00edpicamente resulta en un fallo, llevando a una denegaci\u00f3n de servicio para una aplicaci\u00f3n.\n\nEl filtro BIO de b\u00fafer de l\u00ednea (BIO_f_linebuffer) no se usa por defecto en las rutas de datos TLS/SSL. En las aplicaciones de l\u00ednea de comandos de OpenSSL, t\u00edpicamente solo se env\u00eda a stdout/stderr en sistemas VMS. Las aplicaciones de terceros que usan expl\u00edcitamente este filtro con una cadena BIO que puede realizar escrituras cortas y que escriben datos grandes y sin saltos de l\u00ednea influenciados por un atacante se ver\u00edan afectadas. Sin embargo, es poco probable que las circunstancias en las que esto podr\u00eda ocurrir est\u00e9n bajo el control del atacante, y es poco probable que BIO_f_linebuffer est\u00e9 manejando datos no curados controlados por un atacante. Por esa raz\u00f3n, el problema fue evaluado como de baja severidad.\n\nLos m\u00f3dulos FIPS en 3.6, 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de BIO est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 y 1.0.2 son vulnerables a este problema."}], "lastModified": "2026-05-12T13:17:24.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A8EC60C-05EC-4886-8C82-63AEF4BDA8D5", "versionEndExcluding": "1.0.2zn", "versionStartIncluding": "1.0.2"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E000B986-6A31-468F-9EA3-B9D16DB16FB2", "versionEndExcluding": "1.1.1ze", "versionStartIncluding": "1.1.1"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C76C5F55-5243-4461-82F5-2FEBFF4D59FA", "versionEndExcluding": "3.0.19", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5292E9E-6B50-409F-9219-7B0A04047AD8", "versionEndExcluding": "3.3.6", "versionStartIncluding": "3.3.0"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9D3DCAE-317D-4DFB-93F0-7A235A229619", "versionEndExcluding": "3.4.4", "versionStartIncluding": "3.4.0"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CAC7CBE-EC03-4089-938A-0CEEB2E09B62", "versionEndExcluding": "3.5.5", "versionStartIncluding": "3.5.0"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68352537-5E99-4F4D-B78A-BCF0353A70A5", "versionEndExcluding": "3.6.1", "versionStartIncluding": "3.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "openssl-security@openssl.org"}