INFSA-2025:21255: openssl security update
Information about definition
Identificator: INFSA-2025:21255
Type: security
Release date: 2025-12-01 14:31:56 UTC
Information about package
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Vulnerabilities description
- CVE-2025-9230
OpenSSL could allow a remote attacker to execute arbitrary code or trigger a crash on the system, caused by an out-of-bounds read and write flaw when trying to decrypt CMS messages encrypted using password based encryption.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-9230
|
no information | 5.6 | no information |
Updated packages
Preparing to download...