CVE-2025-68160 (GCVE-0-2025-68160)

Vulnerability from cvelistv5 – Published: 2026-01-27 16:01 – Updated: 2026-05-12 12:08
VLAI
Title
Heap out-of-bounds write in BIO_f_linebuffer on short writes
Summary
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.
Severity
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
OpenSSL OpenSSL Affected: 3.6.0 , < 3.6.1 (semver)
Affected: 3.5.0 , < 3.5.5 (semver)
Affected: 3.4.0 , < 3.4.4 (semver)
Affected: 3.3.0 , < 3.3.6 (semver)
Affected: 3.0.0 , < 3.0.19 (semver)
Affected: 1.1.1 , < 1.1.1ze (custom)
Affected: 1.0.2 , < 1.0.2zn (custom)
Create a notification for this product.
Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Affected: 0 , < * (custom)
Create a notification for this product.
Date Public
2026-01-27 14:00
Credits
Petr Šimeček (Aisle Research) Stanislav Fort (Aisle Research) Stanislav Fort (Aisle Research) Neil Horman
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-68160",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T15:04:54.880991Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T15:06:04.443Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:39.602Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.6.1",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.5.5",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.4",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.6",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.19",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1ze",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zn",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Petr \u0160ime\u010dek (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Stanislav Fort (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Stanislav Fort (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Neil Horman"
        }
      ],
      "datePublic": "2026-01-27T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Writing large, newline-free data into a BIO chain using the\u003cbr\u003eline-buffering filter where the next BIO performs short writes can trigger\u003cbr\u003ea heap-based out-of-bounds write.\u003cbr\u003e\u003cbr\u003eImpact summary: This out-of-bounds write can cause memory corruption which\u003cbr\u003etypically results in a crash, leading to Denial of Service for an application.\u003cbr\u003e\u003cbr\u003eThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\u003cbr\u003eTLS/SSL data paths. In OpenSSL command-line applications, it is typically\u003cbr\u003eonly pushed onto stdout/stderr on VMS systems. Third-party applications that\u003cbr\u003eexplicitly use this filter with a BIO chain that can short-write and that\u003cbr\u003ewrite large, newline-free data influenced by an attacker would be affected.\u003cbr\u003eHowever, the circumstances where this could happen are unlikely to be under\u003cbr\u003eattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\u003cbr\u003edata controlled by an attacker. For that reason the issue was assessed as\u003cbr\u003eLow severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\u003cbr\u003eas the BIO implementation is outside the OpenSSL FIPS module boundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."
            }
          ],
          "value": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-27T16:01:23.181Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20260127.txt"
        },
        {
          "name": "3.6.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c"
        },
        {
          "name": "3.5.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0"
        },
        {
          "name": "3.4.4 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096"
        },
        {
          "name": "3.3.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad"
        },
        {
          "name": "3.0.19 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Heap out-of-bounds write in BIO_f_linebuffer on short writes",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2025-68160",
    "datePublished": "2026-01-27T16:01:23.181Z",
    "dateReserved": "2025-12-16T09:20:53.257Z",
    "dateUpdated": "2026-05-12T12:08:39.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-68160",
      "date": "2026-06-19",
      "epss": "0.00152",
      "percentile": "0.04732"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-68160\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2026-01-27T16:16:15.900\",\"lastModified\":\"2026-05-12T13:17:24.080\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: Writing large, newline-free data into a BIO chain using the\\nline-buffering filter where the next BIO performs short writes can trigger\\na heap-based out-of-bounds write.\\n\\nImpact summary: This out-of-bounds write can cause memory corruption which\\ntypically results in a crash, leading to Denial of Service for an application.\\n\\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\\nexplicitly use this filter with a BIO chain that can short-write and that\\nwrite large, newline-free data influenced by an attacker would be affected.\\nHowever, the circumstances where this could happen are unlikely to be under\\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\\ndata controlled by an attacker. For that reason the issue was assessed as\\nLow severity.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.\"},{\"lang\":\"es\",\"value\":\"Resumen del problema: Escribir datos grandes y sin saltos de l\u00ednea en una cadena BIO usando el filtro de b\u00fafer de l\u00ednea, donde el siguiente BIO realiza escrituras cortas, puede desencadenar una escritura fuera de l\u00edmites basada en el mont\u00f3n.\\n\\nResumen del impacto: Esta escritura fuera de l\u00edmites puede causar corrupci\u00f3n de memoria, lo que t\u00edpicamente resulta en un fallo, llevando a una denegaci\u00f3n de servicio para una aplicaci\u00f3n.\\n\\nEl filtro BIO de b\u00fafer de l\u00ednea (BIO_f_linebuffer) no se usa por defecto en las rutas de datos TLS/SSL. En las aplicaciones de l\u00ednea de comandos de OpenSSL, t\u00edpicamente solo se env\u00eda a stdout/stderr en sistemas VMS. Las aplicaciones de terceros que usan expl\u00edcitamente este filtro con una cadena BIO que puede realizar escrituras cortas y que escriben datos grandes y sin saltos de l\u00ednea influenciados por un atacante se ver\u00edan afectadas. Sin embargo, es poco probable que las circunstancias en las que esto podr\u00eda ocurrir est\u00e9n bajo el control del atacante, y es poco probable que BIO_f_linebuffer est\u00e9 manejando datos no curados controlados por un atacante. Por esa raz\u00f3n, el problema fue evaluado como de baja severidad.\\n\\nLos m\u00f3dulos FIPS en 3.6, 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de BIO est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 y 1.0.2 son vulnerables a este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.2\",\"versionEndExcluding\":\"1.0.2zn\",\"matchCriteriaId\":\"6A8EC60C-05EC-4886-8C82-63AEF4BDA8D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.1\",\"versionEndExcluding\":\"1.1.1ze\",\"matchCriteriaId\":\"E000B986-6A31-468F-9EA3-B9D16DB16FB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.19\",\"matchCriteriaId\":\"C76C5F55-5243-4461-82F5-2FEBFF4D59FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.0\",\"versionEndExcluding\":\"3.3.6\",\"matchCriteriaId\":\"F5292E9E-6B50-409F-9219-7B0A04047AD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.4\",\"matchCriteriaId\":\"B9D3DCAE-317D-4DFB-93F0-7A235A229619\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.5\",\"matchCriteriaId\":\"1CAC7CBE-EC03-4089-938A-0CEEB2E09B62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.1\",\"matchCriteriaId\":\"68352537-5E99-4F4D-B78A-BCF0353A70A5\"}]}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://openssl-library.org/news/secadv/20260127.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T12:08:39.602Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68160\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-29T15:04:54.880991Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-29T15:05:45.180Z\"}}], \"cna\": {\"title\": \"Heap out-of-bounds write in BIO_f_linebuffer on short writes\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Petr \\u0160ime\\u010dek (Aisle Research)\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Stanislav Fort (Aisle Research)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Stanislav Fort (Aisle Research)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Neil Horman\"}], \"metrics\": [{\"other\": {\"type\": \"https://openssl-library.org/policies/general/security-policy/\", \"content\": {\"text\": \"Low\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.6.0\", \"lessThan\": \"3.6.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.5.0\", \"lessThan\": \"3.5.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.3.0\", \"lessThan\": \"3.3.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.19\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.1.1\", \"lessThan\": \"1.1.1ze\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.0.2\", \"lessThan\": \"1.0.2zn\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-01-27T14:00:00.000Z\", \"references\": [{\"url\": \"https://openssl-library.org/news/secadv/20260127.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c\", \"name\": \"3.6.1 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0\", \"name\": \"3.5.5 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096\", \"name\": \"3.4.4 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad\", \"name\": \"3.3.6 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6\", \"name\": \"3.0.19 git commit\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Issue summary: Writing large, newline-free data into a BIO chain using the\\nline-buffering filter where the next BIO performs short writes can trigger\\na heap-based out-of-bounds write.\\n\\nImpact summary: This out-of-bounds write can cause memory corruption which\\ntypically results in a crash, leading to Denial of Service for an application.\\n\\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\\nexplicitly use this filter with a BIO chain that can short-write and that\\nwrite large, newline-free data influenced by an attacker would be affected.\\nHowever, the circumstances where this could happen are unlikely to be under\\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\\ndata controlled by an attacker. For that reason the issue was assessed as\\nLow severity.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Issue summary: Writing large, newline-free data into a BIO chain using the\u003cbr\u003eline-buffering filter where the next BIO performs short writes can trigger\u003cbr\u003ea heap-based out-of-bounds write.\u003cbr\u003e\u003cbr\u003eImpact summary: This out-of-bounds write can cause memory corruption which\u003cbr\u003etypically results in a crash, leading to Denial of Service for an application.\u003cbr\u003e\u003cbr\u003eThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\u003cbr\u003eTLS/SSL data paths. In OpenSSL command-line applications, it is typically\u003cbr\u003eonly pushed onto stdout/stderr on VMS systems. Third-party applications that\u003cbr\u003eexplicitly use this filter with a BIO chain that can short-write and that\u003cbr\u003ewrite large, newline-free data influenced by an attacker would be affected.\u003cbr\u003eHowever, the circumstances where this could happen are unlikely to be under\u003cbr\u003eattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\u003cbr\u003edata controlled by an attacker. For that reason the issue was assessed as\u003cbr\u003eLow severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\u003cbr\u003eas the BIO implementation is outside the OpenSSL FIPS module boundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2026-01-27T16:01:23.181Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-68160\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T12:08:39.602Z\", \"dateReserved\": \"2025-12-16T09:20:53.257Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2026-01-27T16:01:23.181Z\", \"assignerShortName\": \"openssl\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.