CVE-2025-15468
- Source
- https://cve.org/CVERecord?id=CVE-2025-15468
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15468.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-15468
- Downstream
- Related
- Published
- 2026-01-27T16:16:14.400Z
- Modified
- 2026-01-30T22:52:42.223675Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Issue summary: If an application using the SSLCIPHERfind() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.
Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.
Some applications call SSLCIPHERfind() from the clienthellocb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported.
As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity.
The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support.
The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.
OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.
- References
-
- https://openssl-library.org/news/secadv/20260127.txt
- https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65
- https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2
- https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4
- https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7
Affected packages
Git / github.com/openssl/openssl
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openssl/openssl
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixed
Affected versions
3.*
3.3-POST-CLANG-FORMAT-WEBKIT
3.3-PRE-CLANG-FORMAT-WEBKIT
3.4-POST-CLANG-FORMAT-WEBKIT
3.4-PRE-CLANG-FORMAT-WEBKIT
3.5-POST-CLANG-FORMAT-WEBKIT
3.5-PRE-CLANG-FORMAT-WEBKIT
3.6-POST-CLANG-FORMAT-WEBKIT
3.6-PRE-CLANG-FORMAT-WEBKIT
Other
BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
OpenSSL_1_1_0-pre6
OpenSSL_1_1_1
OpenSSL_1_1_1-pre1
OpenSSL_1_1_1-pre2
OpenSSL_1_1_1-pre3
OpenSSL_1_1_1-pre4
OpenSSL_1_1_1-pre5
OpenSSL_1_1_1-pre6
OpenSSL_1_1_1-pre7
OpenSSL_1_1_1-pre8
OpenSSL_1_1_1-pre9
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat
openssl-3.*
openssl-3.0.0-alpha1
openssl-3.0.0-alpha10
openssl-3.0.0-alpha11
openssl-3.0.0-alpha12
openssl-3.0.0-alpha13
openssl-3.0.0-alpha14
openssl-3.0.0-alpha15
openssl-3.0.0-alpha16
openssl-3.0.0-alpha17
openssl-3.0.0-alpha2
openssl-3.0.0-alpha3
openssl-3.0.0-alpha4
openssl-3.0.0-alpha5
openssl-3.0.0-alpha6
openssl-3.0.0-alpha7
openssl-3.0.0-alpha8
openssl-3.0.0-alpha9
openssl-3.0.0-beta1
openssl-3.0.0-beta2
openssl-3.2.0-alpha1
openssl-3.2.0-alpha2
openssl-3.3.0
openssl-3.3.0-alpha1
openssl-3.3.0-beta1
openssl-3.3.1
openssl-3.3.2
openssl-3.3.3
openssl-3.3.4
openssl-3.3.5
openssl-3.4.0
openssl-3.4.0-alpha1
openssl-3.4.0-beta1
openssl-3.4.1
openssl-3.4.2
openssl-3.4.3
openssl-3.5.0
openssl-3.5.0-alpha1
openssl-3.5.0-beta1
openssl-3.5.1
openssl-3.5.2
openssl-3.5.3
openssl-3.5.4
openssl-3.6.0
openssl-3.6.0-alpha1
openssl-3.6.0-beta1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15468.json"
vanir_signatures
[
{
"source": "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4",
"digest": {
"line_hashes": [
"301174472499023802260295463722541748325",
"238942074834082917347798380654656722229",
"219113749534777150036648988684825655256"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "ssl/quic/quic_impl.c"
},
"id": "CVE-2025-15468-2ba5ff4f"
},
{
"source": "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4",
"digest": {
"length": 172.0,
"function_hash": "15486123516276700958646920012673619227"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "ssl/quic/quic_impl.c",
"function": "ossl_quic_get_cipher_by_char"
},
"id": "CVE-2025-15468-503082ce"
},
{
"source": "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65",
"digest": {
"line_hashes": [
"301174472499023802260295463722541748325",
"238942074834082917347798380654656722229",
"219113749534777150036648988684825655256"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "ssl/quic/quic_impl.c"
},
"id": "CVE-2025-15468-5a74c3f8"
},
{
"source": "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7",
"digest": {
"length": 172.0,
"function_hash": "15486123516276700958646920012673619227"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "ssl/quic/quic_impl.c",
"function": "ossl_quic_get_cipher_by_char"
},
"id": "CVE-2025-15468-6262c36b"
},
{
"source": "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2",
"digest": {
"length": 172.0,
"function_hash": "15486123516276700958646920012673619227"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "ssl/quic/quic_impl.c",
"function": "ossl_quic_get_cipher_by_char"
},
"id": "CVE-2025-15468-646f3586"
},
{
"source": "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65",
"digest": {
"length": 172.0,
"function_hash": "15486123516276700958646920012673619227"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "ssl/quic/quic_impl.c",
"function": "ossl_quic_get_cipher_by_char"
},
"id": "CVE-2025-15468-ca210041"
},
{
"source": "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7",
"digest": {
"line_hashes": [
"301174472499023802260295463722541748325",
"238942074834082917347798380654656722229",
"219113749534777150036648988684825655256"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "ssl/quic/quic_impl.c"
},
"id": "CVE-2025-15468-e36f1b7d"
},
{
"source": "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2",
"digest": {
"line_hashes": [
"301174472499023802260295463722541748325",
"238942074834082917347798380654656722229",
"219113749534777150036648988684825655256"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "ssl/quic/quic_impl.c"
},
"id": "CVE-2025-15468-ef2255bb"
}
]