{"id":208278,"date":"2026-01-29T04:02:00","date_gmt":"2026-01-29T09:02:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/29\/openssl-issued-security-updates-to-fix-12-flaws-including-remote-code-execution\/"},"modified":"2026-01-30T15:55:11","modified_gmt":"2026-01-30T20:55:11","slug":"openssl-issued-security-updates-to-fix-12-flaws-including-remote-code-execution","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/29\/openssl-issued-security-updates-to-fix-12-flaws-including-remote-code-execution\/","title":{"rendered":"OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/187445\/security\/openssl-issued-security-updates-to-fix-12-flaws-including-remote-code-execution.html\">OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution<\/a><\/p>\n<p>Publish Date: 2026-01-29 04:02:00<\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span> January 29, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2015\/03\/openssl.png?fit=960%2C564&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">OpenSSL released security updates 
that address 12 flaws, including a high-severity remote code execution vulnerability.<\/h2>\n<p>OpenSSL issued security updates fixing 12 vulnerabilities in the open-source cryptographic library, including a high-severity remote code execution flaw.<\/p>\n<p>Cybersecurity firm Aisle discovered the twelve vulnerabilities.<\/p>\n<p>The addressed issues are mainly tied to memory safety, parsing robustness, and resource handling. The flaws include stack and heap overflows in PKCS#12 and CMS parsing, NULL pointer dereferences and type-confusion bugs in ASN.1, PKCS#7, QUIC, and TimeStamp handling that can cause denial of service, and out-of-bounds writes in auxiliary APIs like BIO filters. OpenSSL also corrected a logic bug in the CLI signing tool that failed to fully authenticate large inputs, a TLS 1.3 certificate compression issue that enabled memory exhaustion, and a low-level OCB mode flaw that could leave data partially unprotected.<\/p>\n<p id=\"two-most-severe-2026-issues-by-impact\">The two most severe issues are:<\/p>\n<ol class=\"wp-block-list\">\n<li><strong>CVE\u20112025\u201115467 \u2013 CMS AuthEnvelopedData AEAD IV stack overflow<\/strong> \u2013 A stack buffer overflow in OpenSSL CMS\/PKCS#7 AEAD parsing lets attackers supply an oversized IV that overflows a fixed stack buffer before authentication. The flaw can cause DoS or potentially lead to RCE and affects OpenSSL 3.0\u20133.6 when parsing untrusted AuthEnvelopedData.<\/li>\n<li><strong>CVE\u20112025\u201111187 \u2013 PBMAC1 in PKCS#12 stack overflow \/ pointer issues<\/strong> \u2013 A validation flaw in OpenSSL PKCS#12 PBMAC1 lets attackers abuse PBKDF2 parameters to overflow a fixed 64-byte stack buffer during MAC verification. The issue can trigger DoS and potentially code execution. 
It affects OpenSSL 3.4\u20133.6 when parsing untrusted PKCS#12 files.<\/li>\n<\/ol>\n<p>Other 2026 issues are assessed as Low severity in the bulletin and are primarily constrained to Denial&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/187445\/security\/openssl-issued-security-updates-to-fix-12-flaws-including-remote-code-execution.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution https:\/\/securityaffairs.com\/187445\/security\/openssl-issued-security-updates-to-fix-12-flaws-including-remote-code-execution.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":208279,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2015\/03\/openssl.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-208278","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208278"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=208278"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208278\/revisions"}],"predecessor-version":[{"id":208280,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208278\/revisions\/208280"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/ind
ex.php\/wp-json\/wp\/v2\/media\/208279"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=208278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=208278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=208278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}