OpenSSL Heap-Based Buffer Overflow Vulnerability in BIO Line-Buffering Filter

Vulnerability

A heap-based buffer overflow vulnerability has been identified in OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1, and 1.0.2. The issue arises when large, newline-free data is written into a BIO chain using the line-buffering filter (BIO_f_linebuffer). If the next BIO in the chain performs short writes, the unwritten buffer is copied to an internal buffer without proper size validation, leading to an out-of-bounds write. This memory corruption typically causes a crash, resulting in a denial-of-service condition for the application.

Impact

Exploitation of this vulnerability causes memory corruption, which usually leads to a crash, creating a denial-of-service condition for the affected application.

Reproduction

The vulnerability can be reproduced by writing large, newline-free data into a BIO chain that uses the line-buffering filter (BIO_f_linebuffer) and in which the next BIO performs short writes. The condition only arises in third-party applications that explicitly use the line-buffering filter in a BIO chain capable of short writes.

Remediation

Users of OpenSSL 3.6 should upgrade to OpenSSL 3.6.1, those on 3.5 should upgrade to 3.5.5, and users on 3.4 should upgrade to 3.4.4. OpenSSL 1.1.1 and 1.0.2 users should upgrade to the latest versions available through the Premium Support program.
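The following script is an added example, not part of this advisory or of the OpenSSL project: it parses an OpenSSL version string and compares it against the affected branches and fixed versions stated above, so an operator can triage hosts from inventory output or from the OpenSSL linked into the local Python interpreter. The branch table and the `assess` verdict strings are constructed for this example.

```python
"""Triage an OpenSSL version against the branches and fix versions listed in
this advisory. Constructed helper for the advisory; not OpenSSL project code."""
import re
import ssl

# Fix versions as stated in the advisory's Remediation section. Branches the
# advisory lists as affected without a stated fix version map to None.
FIXED_BY_BRANCH = {
    (3, 6): (3, 6, 1),
    (3, 5): (3, 5, 5),
    (3, 4): (3, 4, 4),
    (3, 3): None,   # listed as affected, no fix version given on the page
    (3, 0): None,   # listed as affected, no fix version given on the page
}
# 1.1.1 and 1.0.2 are affected; fixes are only available via Premium Support,
# and no fixed version number is stated, so they are handled separately.
LEGACY_AFFECTED = {(1, 1, 1), (1, 0, 2)}


def parse_version(text):
    """Extract (major, minor, patch, letter) from strings such as
    'OpenSSL 3.5.4 ...', '3.6.1' or 'OpenSSL 1.1.1w'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def assess(version_text):
    """Return one of: 'fixed', 'affected', 'affected-no-fix-listed',
    'not-listed' (branch not named by this advisory)."""
    major, minor, patch, _letter = parse_version(version_text)
    if (major, minor, patch) in LEGACY_AFFECTED:
        return "affected-no-fix-listed"
    branch = (major, minor)
    if branch not in FIXED_BY_BRANCH:
        return "not-listed"
    fixed = FIXED_BY_BRANCH[branch]
    if fixed is None:
        return "affected-no-fix-listed"
    return "fixed" if (major, minor, patch) >= fixed else "affected"


def assess_runtime():
    """Assess the OpenSSL library linked into this Python interpreter."""
    return ssl.OPENSSL_VERSION, assess(ssl.OPENSSL_VERSION)


if __name__ == "__main__":
    version, verdict = assess_runtime()
    print(f"{version}: {verdict}")
```

Version strings of other libraries (for example LibreSSL) parse but fall into 'not-listed', so the verdict only ever reflects branches this advisory names.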

Added: Jan 27, 2026, 4:36 PM
Updated: Jan 27, 2026, 4:36 PM

Vulnerability Rating

Custom Algorithm

spread: 8.6
impact: 2.5
exploitability: 8.4
remediation: 7.7
relevance: 2.4
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.