DEBIAN-CVE-2025-69418

Source
https://security-tracker.debian.org/tracker/CVE-2025-69418
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69418.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-69418
Published
2026-01-27T16:16:33.253Z
Modified
2026-01-30T11:18:25.212834Z
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
[none]
Details

Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in cleartext on encryption and are not covered by the authentication tag, allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated stream path process full 16-byte blocks but do not advance the input/output pointers. The subsequent tail-handling code then operates on the original base pointers, effectively reprocessing the beginning of the buffer while leaving the actual trailing bytes unprocessed. The authentication checksum also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the higher-level EVP and provider OCB implementations split inputs so that full blocks and trailing partial blocks are processed in separate calls, avoiding the problematic code path. Additionally, TLS does not use OCB ciphersuites. The vulnerability only affects applications that call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with non-block-aligned lengths in a single call on hardware-accelerated builds. For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

Affected packages

Debian:11 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.1.1k-1
1.1.1k-1+deb11u1
1.1.1k-1+deb11u2
1.1.1l-1
1.1.1m-0+deb11u1
1.1.1m-1
1.1.1n-0+deb11u1
1.1.1n-0+deb11u2
1.1.1n-0+deb11u3
1.1.1n-0+deb11u4
1.1.1n-0+deb11u5
1.1.1n-0+deb11u6
1.1.1n-1
1.1.1o-1
1.1.1v-0~deb11u1
1.1.1w-0~deb11u1
1.1.1w-0+deb11u1
1.1.1w-0+deb11u2
1.1.1w-0+deb11u3
1.1.1w-0+deb11u4

3.*

3.0.0~~alpha1-1
3.0.0~~alpha3-1
3.0.0~~alpha4-1
3.0.0~~alpha13-1
3.0.0~~alpha13-2
3.0.0~~alpha15-1
3.0.0~~alpha16-1
3.0.0~~beta1-1
3.0.0~~beta2-1
3.0.0-1
3.0.1-1
3.0.2-1
3.0.3-1
3.0.3-2
3.0.3-2+ia64
3.0.3-3
3.0.3-4
3.0.3-5
3.0.3-6
3.0.3-7
3.0.3-8
3.0.4-1
3.0.4-2
3.0.5-1
3.0.5-2
3.0.5-3
3.0.5-4
3.0.7-1
3.0.7-2
3.0.8-1
3.0.9-1
3.0.10-1~deb12u1
3.0.10-1
3.0.11-1~deb12u1
3.0.11-1~deb12u2
3.0.11-1
3.0.12-1
3.0.12-2
3.0.13-1~deb12u1
3.0.13-1~deb12u2
3.0.14-1~deb12u1
3.0.14-1~deb12u2
3.0.15-1~deb12u1
3.0.16-1~deb12u1
3.0.17-1~deb12u1
3.0.17-1~deb12u2
3.0.17-1~deb12u3
3.0.18-1~deb12u1
3.0.18-1~deb12u2
3.1.0-1
3.1.1-1
3.1.2-1
3.1.3-1
3.1.4-1
3.1.4-2
3.1.5-1
3.1.5-1.1
3.1.5-1.1+hurd.1
3.2.0-1
3.2.0-2
3.2.1-1
3.2.1-1.1~exp1
3.2.1-2
3.2.1-3
3.2.2-1
3.3.0~beta1-1
3.3.0-1
3.3.1-1
3.3.1-2
3.3.1-5
3.3.1-6
3.3.1-7
3.3.2-1
3.3.2-2
3.4.0~~beta1-1
3.4.0~~beta1-2
3.4.0-1
3.4.0-2
3.4.1-1
3.5.0~~alpha1-1
3.5.0~~beta1-1
3.5.0-1
3.5.0-2
3.5.0-3
3.5.1-1
3.5.2-1
3.5.3-1
3.5.4-1~deb13u1
3.5.4-1~deb13u2
3.5.4-1
3.5.5-1
3.6.0~~alpha1-1
3.6.0~~beta1-1
3.6.0-1
3.6.0-2
3.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69418.json"

Debian:12 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.18-1~deb12u2

Affected versions

3.*

3.0.9-1
3.0.10-1~deb12u1
3.0.10-1
3.0.11-1~deb12u1
3.0.11-1~deb12u2
3.0.11-1
3.0.12-1
3.0.12-2
3.0.13-1~deb12u1
3.0.13-1~deb12u2
3.0.14-1~deb12u1
3.0.14-1~deb12u2
3.0.15-1~deb12u1
3.0.16-1~deb12u1
3.0.17-1~deb12u1
3.0.17-1~deb12u2
3.0.17-1~deb12u3
3.0.18-1~deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69418.json"

Debian:13 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.5.4-1~deb13u2

Affected versions

3.*

3.5.1-1
3.5.1-1+deb13u1
3.5.2-1
3.5.3-1
3.5.4-1~deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69418.json"

Debian:14 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.5.1-1
3.5.2-1
3.5.3-1
3.5.4-1~deb13u1
3.5.4-1~deb13u2
3.5.4-1
3.5.5-1
3.6.0~~alpha1-1
3.6.0~~beta1-1
3.6.0-1
3.6.0-2
3.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69418.json"