CVE-2025-69418
- Source
- https://cve.org/CVERecord?id=CVE-2025-69418
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69418.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-69418
- Downstream
- Related
- Published
- 2026-01-27T16:16:33.253Z
- Modified
- 2026-01-29T06:52:46.775546Z
- Summary
- [none]
- Details
-
Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTOocb128encrypt() or CRYPTOocb128decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.
- References
-
- https://openssl-library.org/news/secadv/20260127.txt
- https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc
- https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8
- https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347
- https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae
- https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977
Affected packages
Git / github.com/openssl/openssl
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openssl/openssl
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixedFixed
Affected versions
3.*
3.0-POST-CLANG-FORMAT-WEBKIT
3.0-PRE-CLANG-FORMAT-WEBKIT
3.3-POST-CLANG-FORMAT-WEBKIT
3.3-PRE-CLANG-FORMAT-WEBKIT
3.4-POST-CLANG-FORMAT-WEBKIT
3.4-PRE-CLANG-FORMAT-WEBKIT
3.5-POST-CLANG-FORMAT-WEBKIT
3.5-PRE-CLANG-FORMAT-WEBKIT
3.6-POST-CLANG-FORMAT-WEBKIT
3.6-PRE-CLANG-FORMAT-WEBKIT
Other
BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
OpenSSL_1_1_0-pre6
OpenSSL_1_1_1
OpenSSL_1_1_1-pre1
OpenSSL_1_1_1-pre2
OpenSSL_1_1_1-pre3
OpenSSL_1_1_1-pre4
OpenSSL_1_1_1-pre5
OpenSSL_1_1_1-pre6
OpenSSL_1_1_1-pre7
OpenSSL_1_1_1-pre8
OpenSSL_1_1_1-pre9
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat
openssl-3.*
openssl-3.0.0
openssl-3.0.0-alpha1
openssl-3.0.0-alpha10
openssl-3.0.0-alpha11
openssl-3.0.0-alpha12
openssl-3.0.0-alpha13
openssl-3.0.0-alpha14
openssl-3.0.0-alpha15
openssl-3.0.0-alpha16
openssl-3.0.0-alpha17
openssl-3.0.0-alpha2
openssl-3.0.0-alpha3
openssl-3.0.0-alpha4
openssl-3.0.0-alpha5
openssl-3.0.0-alpha6
openssl-3.0.0-alpha7
openssl-3.0.0-alpha8
openssl-3.0.0-alpha9
openssl-3.0.0-beta1
openssl-3.0.0-beta2
openssl-3.0.1
openssl-3.0.10
openssl-3.0.11
openssl-3.0.12
openssl-3.0.13
openssl-3.0.14
openssl-3.0.15
openssl-3.0.16
openssl-3.0.17
openssl-3.0.18
openssl-3.0.2
openssl-3.0.3
openssl-3.0.4
openssl-3.0.5
openssl-3.0.6
openssl-3.0.7
openssl-3.0.8
openssl-3.0.9
openssl-3.2.0-alpha1
openssl-3.2.0-alpha2
openssl-3.3.0
openssl-3.3.0-alpha1
openssl-3.3.0-beta1
openssl-3.3.1
openssl-3.3.2
openssl-3.3.3
openssl-3.3.4
openssl-3.3.5
openssl-3.4.0
openssl-3.4.0-alpha1
openssl-3.4.0-beta1
openssl-3.4.1
openssl-3.4.2
openssl-3.4.3
openssl-3.5.0
openssl-3.5.0-alpha1
openssl-3.5.0-beta1
openssl-3.5.1
openssl-3.5.2
openssl-3.5.3
openssl-3.5.4
openssl-3.6.0
openssl-3.6.0-alpha1
openssl-3.6.0-beta1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69418.json"
vanir_signatures
[
{
"source": "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8",
"digest": {
"length": 1702.0,
"function_hash": "185445785273483749724984833071102767629"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/modes/ocb128.c",
"function": "CRYPTO_ocb128_decrypt"
},
"id": "CVE-2025-69418-08832902"
},
{
"source": "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977",
"digest": {
"length": 1702.0,
"function_hash": "185445785273483749724984833071102767629"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/modes/ocb128.c",
"function": "CRYPTO_ocb128_decrypt"
},
"id": "CVE-2025-69418-1bda333c"
},
{
"source": "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae",
"digest": {
"length": 1708.0,
"function_hash": "67874926728490549484321146671346537109"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/modes/ocb128.c",
"function": "CRYPTO_ocb128_encrypt"
},
"id": "CVE-2025-69418-527f5c28"
},
{
"source": "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc",
"digest": {
"length": 1702.0,
"function_hash": "185445785273483749724984833071102767629"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/modes/ocb128.c",
"function": "CRYPTO_ocb128_decrypt"
},
"id": "CVE-2025-69418-5c24e38a"
},
{
"source": "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977",
"digest": {
"length": 1708.0,
"function_hash": "67874926728490549484321146671346537109"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/modes/ocb128.c",
"function": "CRYPTO_ocb128_encrypt"
},
"id": "CVE-2025-69418-5f855e82"
},
{
"source": "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae",
"digest": {
"length": 1702.0,
"function_hash": "185445785273483749724984833071102767629"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/modes/ocb128.c",
"function": "CRYPTO_ocb128_decrypt"
},
"id": "CVE-2025-69418-7d9a390a"
},
{
"source": "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc",
"digest": {
"length": 1708.0,
"function_hash": "67874926728490549484321146671346537109"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/modes/ocb128.c",
"function": "CRYPTO_ocb128_encrypt"
},
"id": "CVE-2025-69418-8228622a"
},
{
"source": "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977",
"digest": {
"line_hashes": [
"219312396776272628301550969147505933452",
"36863883106600888632231627357013139699",
"311903940445207926165782571512644788270",
"321969164060885062804476022880404654026",
"209781887423790042939763076475837683439",
"292894951856751270551239781398053681932",
"329823596363538096967543096246007581368",
"214407332637080168111808823571239657618",
"219312396776272628301550969147505933452",
"36863883106600888632231627357013139699",
"311903940445207926165782571512644788270",
"321969164060885062804476022880404654026",
"59921997238140753290980657393750528770",
"135778423311849627130467981960244066007",
"49532393773878600690299702915211731069",
"316169392909083908323761348185442938826"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/modes/ocb128.c"
},
"id": "CVE-2025-69418-89e7734a"
},
{
"source": "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347",
"digest": {
"line_hashes": [
"219312396776272628301550969147505933452",
"36863883106600888632231627357013139699",
"311903940445207926165782571512644788270",
"321969164060885062804476022880404654026",
"209781887423790042939763076475837683439",
"292894951856751270551239781398053681932",
"329823596363538096967543096246007581368",
"214407332637080168111808823571239657618",
"219312396776272628301550969147505933452",
"36863883106600888632231627357013139699",
"311903940445207926165782571512644788270",
"321969164060885062804476022880404654026",
"59921997238140753290980657393750528770",
"135778423311849627130467981960244066007",
"49532393773878600690299702915211731069",
"316169392909083908323761348185442938826"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/modes/ocb128.c"
},
"id": "CVE-2025-69418-a4b396e5"
},
{
"source": "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae",
"digest": {
"line_hashes": [
"219312396776272628301550969147505933452",
"36863883106600888632231627357013139699",
"311903940445207926165782571512644788270",
"321969164060885062804476022880404654026",
"209781887423790042939763076475837683439",
"292894951856751270551239781398053681932",
"329823596363538096967543096246007581368",
"214407332637080168111808823571239657618",
"219312396776272628301550969147505933452",
"36863883106600888632231627357013139699",
"311903940445207926165782571512644788270",
"321969164060885062804476022880404654026",
"59921997238140753290980657393750528770",
"135778423311849627130467981960244066007",
"49532393773878600690299702915211731069",
"316169392909083908323761348185442938826"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/modes/ocb128.c"
},
"id": "CVE-2025-69418-b8067e20"
},
{
"source": "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8",
"digest": {
"length": 1708.0,
"function_hash": "67874926728490549484321146671346537109"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/modes/ocb128.c",
"function": "CRYPTO_ocb128_encrypt"
},
"id": "CVE-2025-69418-cb957352"
},
{
"source": "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8",
"digest": {
"line_hashes": [
"219312396776272628301550969147505933452",
"36863883106600888632231627357013139699",
"311903940445207926165782571512644788270",
"321969164060885062804476022880404654026",
"209781887423790042939763076475837683439",
"292894951856751270551239781398053681932",
"329823596363538096967543096246007581368",
"214407332637080168111808823571239657618",
"219312396776272628301550969147505933452",
"36863883106600888632231627357013139699",
"311903940445207926165782571512644788270",
"321969164060885062804476022880404654026",
"59921997238140753290980657393750528770",
"135778423311849627130467981960244066007",
"49532393773878600690299702915211731069",
"316169392909083908323761348185442938826"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/modes/ocb128.c"
},
"id": "CVE-2025-69418-d0e93e49"
},
{
"source": "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc",
"digest": {
"line_hashes": [
"219312396776272628301550969147505933452",
"36863883106600888632231627357013139699",
"311903940445207926165782571512644788270",
"321969164060885062804476022880404654026",
"209781887423790042939763076475837683439",
"292894951856751270551239781398053681932",
"329823596363538096967543096246007581368",
"214407332637080168111808823571239657618",
"219312396776272628301550969147505933452",
"36863883106600888632231627357013139699",
"311903940445207926165782571512644788270",
"321969164060885062804476022880404654026",
"59921997238140753290980657393750528770",
"135778423311849627130467981960244066007",
"49532393773878600690299702915211731069",
"316169392909083908323761348185442938826"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/modes/ocb128.c"
},
"id": "CVE-2025-69418-e518bb26"
},
{
"source": "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347",
"digest": {
"length": 1702.0,
"function_hash": "185445785273483749724984833071102767629"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/modes/ocb128.c",
"function": "CRYPTO_ocb128_decrypt"
},
"id": "CVE-2025-69418-e53d9018"
},
{
"source": "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347",
"digest": {
"length": 1708.0,
"function_hash": "67874926728490549484321146671346537109"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/modes/ocb128.c",
"function": "CRYPTO_ocb128_encrypt"
},
"id": "CVE-2025-69418-f2f2cfec"
}
]