CVE-2025-66199

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-66199
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66199.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-66199
Downstream
Related
Published
2026-01-27T16:16:15.777Z
Modified
2026-01-30T22:52:56.717149Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit.

Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service).

In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the maxcertlist setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs.

This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSLNOCOMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks.

Users can mitigate this issue by setting SSLOPNORXCERTIFICATE_COMPRESSION to disable receiving compressed certificates.

The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.

OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3ed1f75249932b155eef993a8e66a99cb98bfef4
Fixed
6184a4fb08ee6d7bca570d931a4e8bef40b64451
Fixed
895150b5e021d16b52fb32b97e1dd12f20448be5
Fixed
966a2478046c311ed7dae50c457d0db4cafbf7e4

Affected versions

3.*

3.3-POST-CLANG-FORMAT-WEBKIT
3.3-PRE-CLANG-FORMAT-WEBKIT
3.4-POST-CLANG-FORMAT-WEBKIT
3.4-PRE-CLANG-FORMAT-WEBKIT
3.5-POST-CLANG-FORMAT-WEBKIT
3.5-PRE-CLANG-FORMAT-WEBKIT
3.6-POST-CLANG-FORMAT-WEBKIT
3.6-PRE-CLANG-FORMAT-WEBKIT

Other

BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
OpenSSL_1_1_0-pre6
OpenSSL_1_1_1
OpenSSL_1_1_1-pre1
OpenSSL_1_1_1-pre2
OpenSSL_1_1_1-pre3
OpenSSL_1_1_1-pre4
OpenSSL_1_1_1-pre5
OpenSSL_1_1_1-pre6
OpenSSL_1_1_1-pre7
OpenSSL_1_1_1-pre8
OpenSSL_1_1_1-pre9
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat

openssl-3.*

openssl-3.0.0-alpha1
openssl-3.0.0-alpha10
openssl-3.0.0-alpha11
openssl-3.0.0-alpha12
openssl-3.0.0-alpha13
openssl-3.0.0-alpha14
openssl-3.0.0-alpha15
openssl-3.0.0-alpha16
openssl-3.0.0-alpha17
openssl-3.0.0-alpha2
openssl-3.0.0-alpha3
openssl-3.0.0-alpha4
openssl-3.0.0-alpha5
openssl-3.0.0-alpha6
openssl-3.0.0-alpha7
openssl-3.0.0-alpha8
openssl-3.0.0-alpha9
openssl-3.0.0-beta1
openssl-3.0.0-beta2
openssl-3.2.0-alpha1
openssl-3.2.0-alpha2
openssl-3.3.0
openssl-3.3.0-alpha1
openssl-3.3.0-beta1
openssl-3.3.1
openssl-3.3.2
openssl-3.3.3
openssl-3.3.4
openssl-3.3.5
openssl-3.4.0
openssl-3.4.0-alpha1
openssl-3.4.0-beta1
openssl-3.4.1
openssl-3.4.2
openssl-3.4.3
openssl-3.5.0
openssl-3.5.0-alpha1
openssl-3.5.0-beta1
openssl-3.5.1
openssl-3.5.2
openssl-3.5.3
openssl-3.5.4
openssl-3.6.0
openssl-3.6.0-alpha1
openssl-3.6.0-beta1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66199.json"

vanir_signatures

[
    {
        "source": "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4",
        "digest": {
            "length": 1935.0,
            "function_hash": "270485391765080273460682519899044817772"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "ssl/statem/statem_lib.c",
            "function": "tls13_process_compressed_certificate"
        },
        "id": "CVE-2025-66199-041c93f5"
    },
    {
        "source": "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4",
        "digest": {
            "length": 1935.0,
            "function_hash": "270485391765080273460682519899044817772"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "ssl/statem/statem_lib.c",
            "function": "tls13_process_compressed_certificate"
        },
        "id": "CVE-2025-66199-4a813541"
    },
    {
        "source": "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4",
        "digest": {
            "line_hashes": [
                "66607492443430939978305191189939209227",
                "101694548830843370236280315125918310514",
                "169610416281181750290629559376093970964"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "ssl/statem/statem_lib.c"
        },
        "id": "CVE-2025-66199-51b53a28"
    },
    {
        "source": "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451",
        "digest": {
            "line_hashes": [
                "66607492443430939978305191189939209227",
                "101694548830843370236280315125918310514",
                "169610416281181750290629559376093970964"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "ssl/statem/statem_lib.c"
        },
        "id": "CVE-2025-66199-c90fdcc3"
    },
    {
        "source": "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5",
        "digest": {
            "length": 1935.0,
            "function_hash": "270485391765080273460682519899044817772"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "ssl/statem/statem_lib.c",
            "function": "tls13_process_compressed_certificate"
        },
        "id": "CVE-2025-66199-cf35db1d"
    },
    {
        "source": "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4",
        "digest": {
            "line_hashes": [
                "66607492443430939978305191189939209227",
                "101694548830843370236280315125918310514",
                "169610416281181750290629559376093970964"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "ssl/statem/statem_lib.c"
        },
        "id": "CVE-2025-66199-f67dd36f"
    },
    {
        "source": "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451",
        "digest": {
            "length": 1955.0,
            "function_hash": "82643088808423643955393758377693009659"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "ssl/statem/statem_lib.c",
            "function": "tls13_process_compressed_certificate"
        },
        "id": "CVE-2025-66199-f9443673"
    },
    {
        "source": "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5",
        "digest": {
            "line_hashes": [
                "66607492443430939978305191189939209227",
                "101694548830843370236280315125918310514",
                "169610416281181750290629559376093970964"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "ssl/statem/statem_lib.c"
        },
        "id": "CVE-2025-66199-fbbbd1ad"
    }
]