UBUNTU-CVE-2025-9230

Source
https://ubuntu.com/security/CVE-2025-9230
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9230.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-9230
Upstream
Downstream
Related
Published
2025-09-30T00:00:00Z
Modified
2025-10-02T05:17:53Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

References

Affected packages

Ubuntu:22.04:LTS

edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2@2022.02-3ubuntu0.22.04.3?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2021.*

2021.08~rc0-2
2021.08-3
2021.11~rc1-1
2021.11-1
2021.11-2

2022.*

2022.02~rc1-1
2022.02~rc1-1ubuntu1
2022.02-1
2022.02-2
2022.02-3
2022.02-3ubuntu0.22.04.1
2022.02-3ubuntu0.22.04.2
2022.02-3ubuntu0.22.04.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ovmf",
            "binary_version": "2022.02-3ubuntu0.22.04.3"
        },
        {
            "binary_name": "ovmf-ia32",
            "binary_version": "2022.02-3ubuntu0.22.04.3"
        },
        {
            "binary_name": "qemu-efi",
            "binary_version": "2022.02-3ubuntu0.22.04.3"
        },
        {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "2022.02-3ubuntu0.22.04.3"
        },
        {
            "binary_name": "qemu-efi-arm",
            "binary_version": "2022.02-3ubuntu0.22.04.3"
        }
    ]
}

nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3.6?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.22.5~dfsg-5ubuntu1
12.22.7~dfsg-2ubuntu1
12.22.7~dfsg-2ubuntu3
12.22.9~dfsg-1ubuntu2
12.22.9~dfsg-1ubuntu3
12.22.9~dfsg-1ubuntu3.1
12.22.9~dfsg-1ubuntu3.2
12.22.9~dfsg-1ubuntu3.3
12.22.9~dfsg-1ubuntu3.4
12.22.9~dfsg-1ubuntu3.5
12.22.9~dfsg-1ubuntu3.6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libnode-dev",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6"
        },
        {
            "binary_name": "libnode72",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6"
        },
        {
            "binary_name": "nodejs",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6"
        }
    ]
}

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.2-0ubuntu1.20

Affected versions

1.*

1.1.1l-1ubuntu1

3.*

3.0.0-1ubuntu1
3.0.1-0ubuntu1
3.0.2-0ubuntu1
3.0.2-0ubuntu1.1
3.0.2-0ubuntu1.2
3.0.2-0ubuntu1.4
3.0.2-0ubuntu1.5
3.0.2-0ubuntu1.6
3.0.2-0ubuntu1.7
3.0.2-0ubuntu1.8
3.0.2-0ubuntu1.9
3.0.2-0ubuntu1.10
3.0.2-0ubuntu1.12
3.0.2-0ubuntu1.13
3.0.2-0ubuntu1.14
3.0.2-0ubuntu1.15
3.0.2-0ubuntu1.16
3.0.2-0ubuntu1.17
3.0.2-0ubuntu1.18
3.0.2-0ubuntu1.19

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "3.0.2-0ubuntu1.20"
        },
        {
            "binary_name": "libssl3",
            "binary_version": "3.0.2-0ubuntu1.20"
        },
        {
            "binary_name": "openssl",
            "binary_version": "3.0.2-0ubuntu1.20"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:24.04:LTS

edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2@2024.02-2ubuntu0.4?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2023.*

2023.05-2
2023.11-2
2023.11-3
2023.11-4
2023.11-5
2023.11-6
2023.11-8

2024.*

2024.02-1
2024.02-2
2024.02-2ubuntu0.1
2024.02-2ubuntu0.3
2024.02-2ubuntu0.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "efi-shell-aa64",
            "binary_version": "2024.02-2ubuntu0.4"
        },
        {
            "binary_name": "efi-shell-arm",
            "binary_version": "2024.02-2ubuntu0.4"
        },
        {
            "binary_name": "efi-shell-ia32",
            "binary_version": "2024.02-2ubuntu0.4"
        },
        {
            "binary_name": "efi-shell-riscv64",
            "binary_version": "2024.02-2ubuntu0.4"
        },
        {
            "binary_name": "efi-shell-x64",
            "binary_version": "2024.02-2ubuntu0.4"
        },
        {
            "binary_name": "ovmf",
            "binary_version": "2024.02-2ubuntu0.4"
        },
        {
            "binary_name": "ovmf-ia32",
            "binary_version": "2024.02-2ubuntu0.4"
        },
        {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "2024.02-2ubuntu0.4"
        },
        {
            "binary_name": "qemu-efi-arm",
            "binary_version": "2024.02-2ubuntu0.4"
        },
        {
            "binary_name": "qemu-efi-riscv64",
            "binary_version": "2024.02-2ubuntu0.4"
        }
    ]
}

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.6?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.13-0ubuntu3.6

Affected versions

3.*

3.0.10-1ubuntu2
3.0.10-1ubuntu2.1
3.0.10-1ubuntu3
3.0.10-1ubuntu4
3.0.13-0ubuntu2
3.0.13-0ubuntu3
3.0.13-0ubuntu3.1
3.0.13-0ubuntu3.2
3.0.13-0ubuntu3.3
3.0.13-0ubuntu3.4
3.0.13-0ubuntu3.5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "3.0.13-0ubuntu3.6"
        },
        {
            "binary_name": "libssl3t64",
            "binary_version": "3.0.13-0ubuntu3.6"
        },
        {
            "binary_name": "openssl",
            "binary_version": "3.0.13-0ubuntu3.6"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:25.04

edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2@2025.02-3ubuntu2.1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2024.*

2024.05-2ubuntu0.1
2024.08-4
2024.11-1
2024.11-2
2024.11-5

2025.*

2025.02-3ubuntu1
2025.02-3ubuntu2
2025.02-3ubuntu2.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "efi-shell-aa64",
            "binary_version": "2025.02-3ubuntu2.1"
        },
        {
            "binary_name": "efi-shell-arm",
            "binary_version": "2025.02-3ubuntu2.1"
        },
        {
            "binary_name": "efi-shell-ia32",
            "binary_version": "2025.02-3ubuntu2.1"
        },
        {
            "binary_name": "efi-shell-loongarch64",
            "binary_version": "2025.02-3ubuntu2.1"
        },
        {
            "binary_name": "efi-shell-riscv64",
            "binary_version": "2025.02-3ubuntu2.1"
        },
        {
            "binary_name": "efi-shell-x64",
            "binary_version": "2025.02-3ubuntu2.1"
        },
        {
            "binary_name": "ovmf",
            "binary_version": "2025.02-3ubuntu2.1"
        },
        {
            "binary_name": "ovmf-ia32",
            "binary_version": "2025.02-3ubuntu2.1"
        },
        {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "2025.02-3ubuntu2.1"
        },
        {
            "binary_name": "qemu-efi-arm",
            "binary_version": "2025.02-3ubuntu2.1"
        },
        {
            "binary_name": "qemu-efi-loongarch64",
            "binary_version": "2025.02-3ubuntu2.1"
        },
        {
            "binary_name": "qemu-efi-riscv64",
            "binary_version": "2025.02-3ubuntu2.1"
        }
    ]
}

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@3.4.1-1ubuntu4?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.1-1ubuntu4

Affected versions

3.*

3.3.1-2ubuntu2
3.4.0-1ubuntu2
3.4.1-1ubuntu1
3.4.1-1ubuntu2
3.4.1-1ubuntu3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "3.4.1-1ubuntu4"
        },
        {
            "binary_name": "libssl3t64",
            "binary_version": "3.4.1-1ubuntu4"
        },
        {
            "binary_name": "openssl",
            "binary_version": "3.4.1-1ubuntu4"
        },
        {
            "binary_name": "openssl-provider-legacy",
            "binary_version": "3.4.1-1ubuntu4"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:Pro:14.04:LTS

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.0.1f-1ubuntu2.27+esm11?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.1f-1ubuntu2.27+esm11

Affected versions

1.*

1.0.1e-3ubuntu1
1.0.1e-4ubuntu1
1.0.1e-4ubuntu2
1.0.1e-4ubuntu3
1.0.1e-4ubuntu4
1.0.1f-1ubuntu1
1.0.1f-1ubuntu2
1.0.1f-1ubuntu2.1
1.0.1f-1ubuntu2.2
1.0.1f-1ubuntu2.3
1.0.1f-1ubuntu2.4
1.0.1f-1ubuntu2.5
1.0.1f-1ubuntu2.7
1.0.1f-1ubuntu2.8
1.0.1f-1ubuntu2.11
1.0.1f-1ubuntu2.12
1.0.1f-1ubuntu2.15
1.0.1f-1ubuntu2.16
1.0.1f-1ubuntu2.17
1.0.1f-1ubuntu2.18
1.0.1f-1ubuntu2.19
1.0.1f-1ubuntu2.20
1.0.1f-1ubuntu2.21
1.0.1f-1ubuntu2.22
1.0.1f-1ubuntu2.23
1.0.1f-1ubuntu2.24
1.0.1f-1ubuntu2.25
1.0.1f-1ubuntu2.26
1.0.1f-1ubuntu2.27
1.0.1f-1ubuntu2.27+esm1
1.0.1f-1ubuntu2.27+esm2
1.0.1f-1ubuntu2.27+esm3
1.0.1f-1ubuntu2.27+esm4
1.0.1f-1ubuntu2.27+esm5
1.0.1f-1ubuntu2.27+esm6
1.0.1f-1ubuntu2.27+esm7
1.0.1f-1ubuntu2.27+esm9
1.0.1f-1ubuntu2.27+esm10

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "1.0.1f-1ubuntu2.27+esm11"
        },
        {
            "binary_name": "libssl1.0.0",
            "binary_version": "1.0.1f-1ubuntu2.27+esm11"
        },
        {
            "binary_name": "openssl",
            "binary_version": "1.0.1f-1ubuntu2.27+esm11"
        }
    ],
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"
}

Ubuntu:Pro:16.04:LTS

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.20+esm13?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2g-1ubuntu4.20+esm13

Affected versions

1.*

1.0.2d-0ubuntu1
1.0.2d-0ubuntu2
1.0.2e-1ubuntu1
1.0.2f-2ubuntu1
1.0.2g-1ubuntu2
1.0.2g-1ubuntu3
1.0.2g-1ubuntu4
1.0.2g-1ubuntu4.1
1.0.2g-1ubuntu4.2
1.0.2g-1ubuntu4.4
1.0.2g-1ubuntu4.5
1.0.2g-1ubuntu4.6
1.0.2g-1ubuntu4.8
1.0.2g-1ubuntu4.9
1.0.2g-1ubuntu4.10
1.0.2g-1ubuntu4.11
1.0.2g-1ubuntu4.12
1.0.2g-1ubuntu4.13
1.0.2g-1ubuntu4.14
1.0.2g-1ubuntu4.15
1.0.2g-1ubuntu4.16
1.0.2g-1ubuntu4.17
1.0.2g-1ubuntu4.18
1.0.2g-1ubuntu4.19
1.0.2g-1ubuntu4.20
1.0.2g-1ubuntu4.20+esm1
1.0.2g-1ubuntu4.20+esm2
1.0.2g-1ubuntu4.20+esm3
1.0.2g-1ubuntu4.20+esm4
1.0.2g-1ubuntu4.20+esm5
1.0.2g-1ubuntu4.20+esm6
1.0.2g-1ubuntu4.20+esm7
1.0.2g-1ubuntu4.20+esm9
1.0.2g-1ubuntu4.20+esm10
1.0.2g-1ubuntu4.20+esm11
1.0.2g-1ubuntu4.20+esm12

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "1.0.2g-1ubuntu4.20+esm13"
        },
        {
            "binary_name": "libssl1.0.0",
            "binary_version": "1.0.2g-1ubuntu4.20+esm13"
        },
        {
            "binary_name": "openssl",
            "binary_version": "1.0.2g-1ubuntu4.20+esm13"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2@0~20160408.ffea0a2c-2ubuntu0.2+esm3?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0~20150106.*

0~20150106.5c2d456b-2

0~20160104.*

0~20160104.c2a892d7-1

0~20160408.*

0~20160408.ffea0a2c-2
0~20160408.ffea0a2c-2ubuntu0.1
0~20160408.ffea0a2c-2ubuntu0.2
0~20160408.ffea0a2c-2ubuntu0.2+esm1
0~20160408.ffea0a2c-2ubuntu0.2+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ovmf",
            "binary_version": "0~20160408.ffea0a2c-2ubuntu0.2+esm3"
        },
        {
            "binary_name": "qemu-efi",
            "binary_version": "0~20160408.ffea0a2c-2ubuntu0.2+esm3"
        }
    ]
}

nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs@4.2.6~dfsg-1ubuntu4.2+esm3?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10.25~dfsg2-2ubuntu1

4.*

4.2.2~dfsg-1
4.2.3~dfsg-1
4.2.4~dfsg-1ubuntu1
4.2.4~dfsg-2
4.2.6~dfsg-1ubuntu1
4.2.6~dfsg-1ubuntu4
4.2.6~dfsg-1ubuntu4.1
4.2.6~dfsg-1ubuntu4.2
4.2.6~dfsg-1ubuntu4.2+esm1
4.2.6~dfsg-1ubuntu4.2+esm2
4.2.6~dfsg-1ubuntu4.2+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "nodejs",
            "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm3"
        },
        {
            "binary_name": "nodejs-dev",
            "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm3"
        },
        {
            "binary_name": "nodejs-legacy",
            "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm3"
        }
    ]
}

Ubuntu:Pro:18.04:LTS

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.1~18.04.23+esm6?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-1ubuntu2.1~18.04.23+esm6

Affected versions

1.*

1.0.2g-1ubuntu13
1.0.2g-1ubuntu14
1.0.2n-1ubuntu1
1.1.0g-2ubuntu1
1.1.0g-2ubuntu2
1.1.0g-2ubuntu3
1.1.0g-2ubuntu4
1.1.0g-2ubuntu4.1
1.1.0g-2ubuntu4.3
1.1.1-1ubuntu2.1~18.04.1
1.1.1-1ubuntu2.1~18.04.2
1.1.1-1ubuntu2.1~18.04.3
1.1.1-1ubuntu2.1~18.04.4
1.1.1-1ubuntu2.1~18.04.5
1.1.1-1ubuntu2.1~18.04.6
1.1.1-1ubuntu2.1~18.04.7
1.1.1-1ubuntu2.1~18.04.8
1.1.1-1ubuntu2.1~18.04.9
1.1.1-1ubuntu2.1~18.04.10
1.1.1-1ubuntu2.1~18.04.13
1.1.1-1ubuntu2.1~18.04.14
1.1.1-1ubuntu2.1~18.04.15
1.1.1-1ubuntu2.1~18.04.17
1.1.1-1ubuntu2.1~18.04.19
1.1.1-1ubuntu2.1~18.04.20
1.1.1-1ubuntu2.1~18.04.21
1.1.1-1ubuntu2.1~18.04.22
1.1.1-1ubuntu2.1~18.04.23
1.1.1-1ubuntu2.1~18.04.23+esm1
1.1.1-1ubuntu2.1~18.04.23+esm3
1.1.1-1ubuntu2.1~18.04.23+esm4
1.1.1-1ubuntu2.1~18.04.23+esm5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "1.1.1-1ubuntu2.1~18.04.23+esm6"
        },
        {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1-1ubuntu2.1~18.04.23+esm6"
        },
        {
            "binary_name": "openssl",
            "binary_version": "1.1.1-1ubuntu2.1~18.04.23+esm6"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

openssl1.0

Package

Name
openssl1.0
Purl
pkg:deb/ubuntu/openssl1.0@1.0.2n-1ubuntu5.13+esm2?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2n-1ubuntu5.13+esm2

Affected versions

1.*

1.0.2n-1ubuntu2
1.0.2n-1ubuntu3
1.0.2n-1ubuntu4
1.0.2n-1ubuntu5
1.0.2n-1ubuntu5.1
1.0.2n-1ubuntu5.2
1.0.2n-1ubuntu5.3
1.0.2n-1ubuntu5.4
1.0.2n-1ubuntu5.5
1.0.2n-1ubuntu5.6
1.0.2n-1ubuntu5.7
1.0.2n-1ubuntu5.8
1.0.2n-1ubuntu5.9
1.0.2n-1ubuntu5.10
1.0.2n-1ubuntu5.11
1.0.2n-1ubuntu5.12
1.0.2n-1ubuntu5.13
1.0.2n-1ubuntu5.13+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl1.0-dev",
            "binary_version": "1.0.2n-1ubuntu5.13+esm2"
        },
        {
            "binary_name": "libssl1.0.0",
            "binary_version": "1.0.2n-1ubuntu5.13+esm2"
        },
        {
            "binary_name": "openssl1.0",
            "binary_version": "1.0.2n-1ubuntu5.13+esm2"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2@0~20180205.c0d9813c-2ubuntu0.3+esm2?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0~20170911.*

0~20170911.5dfba97c-1

0~20171010.*

0~20171010.234dbcef-1

0~20171027.*

0~20171027.76fd5a66-1

0~20171205.*

0~20171205.a9212288-1

0~20180105.*

0~20180105.0bc94c74-1

0~20180205.*

0~20180205.c0d9813c-1
0~20180205.c0d9813c-2
0~20180205.c0d9813c-2ubuntu0.1
0~20180205.c0d9813c-2ubuntu0.2
0~20180205.c0d9813c-2ubuntu0.3
0~20180205.c0d9813c-2ubuntu0.3+esm1
0~20180205.c0d9813c-2ubuntu0.3+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ovmf",
            "binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "qemu-efi",
            "binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "qemu-efi-arm",
            "binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2"
        }
    ]
}

nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs@8.10.0~dfsg-2ubuntu0.4+esm6?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.11.4~dfsg-1ubuntu1
6.11.4~dfsg-1ubuntu2
6.12.0~dfsg-1ubuntu1
6.12.0~dfsg-2ubuntu1
6.12.0~dfsg-2ubuntu2

8.*

8.10.0~dfsg-2
8.10.0~dfsg-2ubuntu0.2
8.10.0~dfsg-2ubuntu0.3
8.10.0~dfsg-2ubuntu0.4
8.10.0~dfsg-2ubuntu0.4+esm1
8.10.0~dfsg-2ubuntu0.4+esm2
8.10.0~dfsg-2ubuntu0.4+esm3
8.10.0~dfsg-2ubuntu0.4+esm4
8.10.0~dfsg-2ubuntu0.4+esm5
8.10.0~dfsg-2ubuntu0.4+esm6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "nodejs",
            "binary_version": "8.10.0~dfsg-2ubuntu0.4+esm6"
        },
        {
            "binary_name": "nodejs-dev",
            "binary_version": "8.10.0~dfsg-2ubuntu0.4+esm6"
        }
    ]
}

Ubuntu:Pro:20.04:LTS

edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2@0~20191122.bd85bf54-2ubuntu3.6?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0~20190606.*

0~20190606.20d2e5a1-2ubuntu1

0~20190828.*

0~20190828.37eef910-3
0~20190828.37eef910-4

0~20191122.*

0~20191122.bd85bf54-1
0~20191122.bd85bf54-1ubuntu1
0~20191122.bd85bf54-2
0~20191122.bd85bf54-2ubuntu1
0~20191122.bd85bf54-2ubuntu2
0~20191122.bd85bf54-2ubuntu3
0~20191122.bd85bf54-2ubuntu3.1
0~20191122.bd85bf54-2ubuntu3.2
0~20191122.bd85bf54-2ubuntu3.3
0~20191122.bd85bf54-2ubuntu3.4
0~20191122.bd85bf54-2ubuntu3.5
0~20191122.bd85bf54-2ubuntu3.6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ovmf",
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.6"
        },
        {
            "binary_name": "qemu-efi",
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.6"
        },
        {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.6"
        },
        {
            "binary_name": "qemu-efi-arm",
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.6"
        }
    ]
}

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.24+esm1?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1f-1ubuntu2.24+esm1

Affected versions

1.*

1.1.1c-1ubuntu4
1.1.1d-2ubuntu3
1.1.1d-2ubuntu6
1.1.1f-1ubuntu1
1.1.1f-1ubuntu2
1.1.1f-1ubuntu2.1
1.1.1f-1ubuntu2.2
1.1.1f-1ubuntu2.3
1.1.1f-1ubuntu2.4
1.1.1f-1ubuntu2.5
1.1.1f-1ubuntu2.8
1.1.1f-1ubuntu2.9
1.1.1f-1ubuntu2.10
1.1.1f-1ubuntu2.11
1.1.1f-1ubuntu2.12
1.1.1f-1ubuntu2.13
1.1.1f-1ubuntu2.15
1.1.1f-1ubuntu2.16
1.1.1f-1ubuntu2.17
1.1.1f-1ubuntu2.18
1.1.1f-1ubuntu2.19
1.1.1f-1ubuntu2.20
1.1.1f-1ubuntu2.21
1.1.1f-1ubuntu2.22
1.1.1f-1ubuntu2.23
1.1.1f-1ubuntu2.24

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "1.1.1f-1ubuntu2.24+esm1"
        },
        {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1f-1ubuntu2.24+esm1"
        },
        {
            "binary_name": "openssl",
            "binary_version": "1.1.1f-1ubuntu2.24+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Ubuntu:Pro:FIPS-preview:22.04:LTS

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.12+Fips1?arch=source&distro=fips-preview/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.2-0ubuntu1.10+Fips1
3.0.2-0ubuntu1.12+Fips1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "3.0.2-0ubuntu1.12+Fips1"
        },
        {
            "binary_name": "libssl3",
            "binary_version": "3.0.2-0ubuntu1.12+Fips1"
        },
        {
            "binary_name": "openssl",
            "binary_version": "3.0.2-0ubuntu1.12+Fips1"
        }
    ]
}

Ubuntu:Pro:FIPS-updates:18.04:LTS

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.fips.2.1~18.04.23.5?arch=source&distro=fips-updates/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1-1ubuntu2.fips.2.1~18.04.5.1
1.1.1-1ubuntu2.fips.2.1~18.04.6.1
1.1.1-1ubuntu2.fips.2.1~18.04.7.1
1.1.1-1ubuntu2.fips.2.1~18.04.9.1
1.1.1-1ubuntu2.fips.2.1~18.04.9.2
1.1.1-1ubuntu2.fips.2.1~18.04.9.3
1.1.1-1ubuntu2.fips.2.1~18.04.13.2
1.1.1-1ubuntu2.fips.2.1~18.04.15
1.1.1-1ubuntu2.fips.2.1~18.04.15.1
1.1.1-1ubuntu2.fips.2.1~18.04.15.2
1.1.1-1ubuntu2.fips.2.1~18.04.17
1.1.1-1ubuntu2.fips.2.1~18.04.20
1.1.1-1ubuntu2.fips.2.1~18.04.21
1.1.1-1ubuntu2.fips.2.1~18.04.22
1.1.1-1ubuntu2.fips.2.1~18.04.23
1.1.1-1ubuntu2.fips.2.1~18.04.23.3
1.1.1-1ubuntu2.fips.2.1~18.04.23.4
1.1.1-1ubuntu2.fips.2.1~18.04.23.5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.23.5"
        },
        {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.23.5"
        },
        {
            "binary_name": "libssl1.1-hmac",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.23.5"
        },
        {
            "binary_name": "openssl",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.23.5"
        }
    ]
}

Ubuntu:Pro:FIPS-updates:20.04:LTS

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.fips.24?arch=source&distro=fips-updates/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1f-1ubuntu2.fips.7
1.1.1f-1ubuntu2.fips.7.2
1.1.1f-1ubuntu2.fips.12
1.1.1f-1ubuntu2.fips.13
1.1.1f-1ubuntu2.fips.13.1
1.1.1f-1ubuntu2.fips.16
1.1.1f-1ubuntu2.fips.17
1.1.1f-1ubuntu2.fips.18
1.1.1f-1ubuntu2.fips.19
1.1.1f-1ubuntu2.fips.20
1.1.1f-1ubuntu2.fips.21
1.1.1f-1ubuntu2.fips.22
1.1.1f-1ubuntu2.fips.24

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "1.1.1f-1ubuntu2.fips.24"
        },
        {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1f-1ubuntu2.fips.24"
        },
        {
            "binary_name": "libssl1.1-hmac",
            "binary_version": "1.1.1f-1ubuntu2.fips.24"
        },
        {
            "binary_name": "openssl",
            "binary_version": "1.1.1f-1ubuntu2.fips.24"
        }
    ]
}

Ubuntu:Pro:FIPS-updates:22.04:LTS

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.19+Fips1?arch=source&distro=fips-updates/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.2-0ubuntu1.10+Fips1
3.0.2-0ubuntu1.12+Fips1
3.0.2-0ubuntu1.14+Fips1
3.0.2-0ubuntu1.15+Fips1
3.0.2-0ubuntu1.16+Fips1
3.0.2-0ubuntu1.17+Fips1
3.0.2-0ubuntu1.18+Fips1
3.0.2-0ubuntu1.19+Fips1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "3.0.2-0ubuntu1.19+Fips1"
        },
        {
            "binary_name": "libssl3",
            "binary_version": "3.0.2-0ubuntu1.19+Fips1"
        },
        {
            "binary_name": "openssl",
            "binary_version": "3.0.2-0ubuntu1.19+Fips1"
        }
    ]
}

Ubuntu:Pro:FIPS:16.04:LTS

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.fips.4.20.12?arch=source&distro=fips-updates/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.2g-1ubuntu4.fips.4.9.1
1.0.2g-1ubuntu4.fips.4.13.1
1.0.2g-1ubuntu4.fips.4.15.1
1.0.2g-1ubuntu4.fips.4.16.1
1.0.2g-1ubuntu4.fips.4.17.1
1.0.2g-1ubuntu4.fips.4.18.1
1.0.2g-1ubuntu4.fips.4.19.3
1.0.2g-1ubuntu4.fips.4.20.1
1.0.2g-1ubuntu4.fips.4.20.2
1.0.2g-1ubuntu4.fips.4.20.3
1.0.2g-1ubuntu4.fips.4.20.6
1.0.2g-1ubuntu4.fips.4.20.7
1.0.2g-1ubuntu4.fips.4.20.9
1.0.2g-1ubuntu4.fips.4.20.10
1.0.2g-1ubuntu4.fips.4.20.11
1.0.2g-1ubuntu4.fips.4.20.12

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.12"
        },
        {
            "binary_name": "libssl1.0.0",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.12"
        },
        {
            "binary_name": "libssl1.0.0-hmac",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.12"
        },
        {
            "binary_name": "openssl",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.12"
        }
    ]
}

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.fips.4.6.3?arch=source&distro=fips/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.2g-1ubuntu4.fips.4.6~ppa1
1.0.2g-1ubuntu4.fips.4.6~ppa2
1.0.2g-1ubuntu4.fips.4.6~ppa3
1.0.2g-1ubuntu4.fips.4.6
1.0.2g-1ubuntu4.fips.4.6.1
1.0.2g-1ubuntu4.fips.4.6.2
1.0.2g-1ubuntu4.fips.4.6.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.6.3"
        },
        {
            "binary_name": "libssl1.0.0",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.6.3"
        },
        {
            "binary_name": "libssl1.0.0-hmac",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.6.3"
        },
        {
            "binary_name": "openssl",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.6.3"
        }
    ]
}

Ubuntu:Pro:FIPS:18.04:LTS

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.fips.2.1~18.04.15.2?arch=source&distro=fips/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1-1ubuntu2.fips.2.1~18.04.3.1
1.1.1-1ubuntu2.fips.2.1~18.04.15.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.15.2"
        },
        {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.15.2"
        },
        {
            "binary_name": "libssl1.1-hmac",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.15.2"
        },
        {
            "binary_name": "openssl",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.15.2"
        }
    ]
}

Ubuntu:Pro:FIPS:20.04:LTS

openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.fips.7.1?arch=source&distro=fips/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1f-1ubuntu2.fips.2.8
1.1.1f-1ubuntu2.fips.7.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libssl-dev",
            "binary_version": "1.1.1f-1ubuntu2.fips.7.1"
        },
        {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1f-1ubuntu2.fips.7.1"
        },
        {
            "binary_name": "libssl1.1-hmac",
            "binary_version": "1.1.1f-1ubuntu2.fips.7.1"
        },
        {
            "binary_name": "openssl",
            "binary_version": "1.1.1f-1ubuntu2.fips.7.1"
        }
    ]
}