{"id":"USN-8414-1","summary":"openssl vulnerabilities","details":"Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1\ncontent parsing. An attacker could possibly use this issue to cause OpenSSL\nto crash, resulting in a denial of service, or obtain sensitive\ninformation. (CVE-2026-34180)\n\nPavol Zacik and Alex Gaynor discovered that OpenSSL incorrectly accepted\nPKCS#12 files with short HMAC keys when using PBMAC1. An attacker could\npossibly use this issue to bypass integrity checks. This issue only\naffected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-34181)\n\nAsim Viladi Oglu Manizada and Alex Gaynor discovered that OpenSSL could\naccept forged CMS AuthEnvelopedData messages. An attacker could possibly\nuse this issue to bypass message authentication checks. (CVE-2026-34182)\n\nAbhinav Agarwal discovered that OpenSSL had unbounded memory growth in the\nQUIC PATH_CHALLENGE handler. A remote attacker could possibly use this\nissue to cause OpenSSL to use excessive resources, leading to a denial of\nservice. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS.\n(CVE-2026-34183)\n\nSunwoo Lee, Hyuk Lim, and Seunghyun Yoon discovered that OpenSSL had a NULL\npointer dereference in QUIC server initial packet handling. A remote\nattacker could possibly use this issue to cause OpenSSL to crash, resulting\nin a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu\n26.04 LTS. (CVE-2026-42764)\n\nMayank Jangid, Kushal Khemka, Hari Priandana, Bhabani Sankar Das, and Qifan\nZhang discovered that OpenSSL had a possible NULL dereference in password-\nbased CMS decryption. An attacker could possibly use this issue to cause\nOpenSSL to crash, resulting in a denial of service. (CVE-2026-42766)\n\nZhanpeng Liu, Guannan Wang, and Guancheng Li discovered that OpenSSL had a\nNULL pointer dereference in CRMF EncryptedValue decryption. An attacker\ncould possibly use this issue to cause OpenSSL to crash, resulting in a\ndenial of service. (CVE-2026-42767)\n\nAlex Gaynor discovered that OpenSSL had a Bleichenbacher oracle in\nCMS_decrypt() and PKCS7_decrypt() with multiple RecipientInfo values. An\nattacker could possibly use this issue to obtain sensitive information.\nThis issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS.\n(CVE-2026-42768)\n\nAlex Gaynor discovered that OpenSSL had a trust-anchor substitution issue\nin CMP rootCaKeyUpdate processing. An attacker could possibly use this\nissue to bypass certificate trust validation. This issue only affected\nUbuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-42769)\n\nAlex Gaynor discovered that OpenSSL used attacker-supplied parameters when\nvalidating FFC-DH peers. An attacker could possibly use this issue to\nweaken key validation and compromise security guarantees. (CVE-2026-42770)\n\nAlex Gaynor discovered that OpenSSL could ignore the IV in AES-OCB mode on\nthe EVP_Cipher() path. An attacker could possibly use this issue to bypass\ncryptographic protections and obtain sensitive information.\n(CVE-2026-45445)\n\nAlex Gaynor discovered that OpenSSL had incorrect tag processing for empty\nmessages in AES-GCM-SIV and AES-SIV modes. An attacker could possibly use\nthis issue to bypass cryptographic integrity checks. (CVE-2026-45446)\n\nThai Duong discovered that OpenSSL had a heap use-after-free in\nPKCS7_verify(). An attacker could possibly use this issue to cause OpenSSL\nto crash, resulting in a denial of service, or execute arbitrary code.\n(CVE-2026-45447)\n\nZehua Qiao and Jinwen He discovered that OpenSSL had a possible heap buffer\noverflow in ASN.1 multibyte string conversion. An attacker could possibly\nuse this issue to cause OpenSSL to crash, resulting in a denial of service,\nor execute arbitrary code. (CVE-2026-7383)\n\nBhabani Sankar Das discovered that OpenSSL had an out-of-bounds read in CMS\npassword-based decryption. An attacker could possibly use this issue to\ncause OpenSSL to crash, resulting in a denial of service. (CVE-2026-9076)","modified":"2026-06-11T10:45:18.856590311Z","published":"2026-06-09T17:14:22Z","related":["UBUNTU-CVE-2026-34180","UBUNTU-CVE-2026-34181","UBUNTU-CVE-2026-34182","UBUNTU-CVE-2026-34183","UBUNTU-CVE-2026-42764","UBUNTU-CVE-2026-42766","UBUNTU-CVE-2026-42767","UBUNTU-CVE-2026-42768","UBUNTU-CVE-2026-42769","UBUNTU-CVE-2026-42770","UBUNTU-CVE-2026-45445","UBUNTU-CVE-2026-45446","UBUNTU-CVE-2026-45447","UBUNTU-CVE-2026-7383","UBUNTU-CVE-2026-9076"],"upstream":["UBUNTU-CVE-2026-7383","UBUNTU-CVE-2026-9076","UBUNTU-CVE-2026-34180","UBUNTU-CVE-2026-34181","UBUNTU-CVE-2026-34182","UBUNTU-CVE-2026-34183","UBUNTU-CVE-2026-42764","UBUNTU-CVE-2026-42766","UBUNTU-CVE-2026-42767","UBUNTU-CVE-2026-42768","UBUNTU-CVE-2026-42769","UBUNTU-CVE-2026-42770","UBUNTU-CVE-2026-45445","UBUNTU-CVE-2026-45446","UBUNTU-CVE-2026-45447"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8414-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-7383"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-9076"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34180"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34181"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34182"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34183"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42764"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42766"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42767"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42768"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42769"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42770"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-45445"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-45446"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-45447"}],"affected":[{"package":{"name":"openssl","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/openssl?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.2-0ubuntu1.25"}]}],"versions":["1.1.1l-1ubuntu1","3.0.0-1ubuntu1","3.0.1-0ubuntu1","3.0.2-0ubuntu1","3.0.2-0ubuntu1.1","3.0.2-0ubuntu1.2","3.0.2-0ubuntu1.4","3.0.2-0ubuntu1.5","3.0.2-0ubuntu1.6","3.0.2-0ubuntu1.7","3.0.2-0ubuntu1.8","3.0.2-0ubuntu1.9","3.0.2-0ubuntu1.10","3.0.2-0ubuntu1.12","3.0.2-0ubuntu1.13","3.0.2-0ubuntu1.14","3.0.2-0ubuntu1.15","3.0.2-0ubuntu1.16","3.0.2-0ubuntu1.17","3.0.2-0ubuntu1.18","3.0.2-0ubuntu1.19","3.0.2-0ubuntu1.20","3.0.2-0ubuntu1.21","3.0.2-0ubuntu1.23"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.2-0ubuntu1.25","binary_name":"libssl3"},{"binary_version":"3.0.2-0ubuntu1.25","binary_name":"openssl"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8414-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2026-7383","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-9076","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-34180","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-34182","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42766","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42767","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42770","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-45445","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-45446","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-45447","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}]}}},{"package":{"name":"openssl","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/openssl?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.13-0ubuntu3.11"}]}],"versions":["3.0.10-1ubuntu2","3.0.10-1ubuntu2.1","3.0.10-1ubuntu3","3.0.10-1ubuntu4","3.0.13-0ubuntu2","3.0.13-0ubuntu3","3.0.13-0ubuntu3.1","3.0.13-0ubuntu3.2","3.0.13-0ubuntu3.3","3.0.13-0ubuntu3.4","3.0.13-0ubuntu3.5","3.0.13-0ubuntu3.6","3.0.13-0ubuntu3.7","3.0.13-0ubuntu3.9"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.13-0ubuntu3.11","binary_name":"libssl3t64"},{"binary_version":"3.0.13-0ubuntu3.11","binary_name":"openssl"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8414-1.json","cves_map":{"cves":[{"id":"CVE-2026-7383","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-9076","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-34180","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-34182","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42766","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42767","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42770","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-45445","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-45446","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-45447","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}},{"package":{"name":"openssl","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/openssl?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.3-1ubuntu3.4"}]}],"versions":["3.4.1-1ubuntu3","3.5.0-2ubuntu1","3.5.2-1ubuntu1","3.5.3-1ubuntu2","3.5.3-1ubuntu3","3.5.3-1ubuntu3.3"],"ecosystem_specific":{"binaries":[{"binary_version":"3.5.3-1ubuntu3.4","binary_name":"libssl3t64"},{"binary_version":"3.5.3-1ubuntu3.4","binary_name":"openssl"},{"binary_version":"3.5.3-1ubuntu3.4","binary_name":"openssl-provider-legacy"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8414-1.json","cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"id":"CVE-2026-7383","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-9076","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-34180","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-34181","severity":[{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-34182","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34183","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42764","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42766","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42767","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42768","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42769","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42770","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-45445","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-45446","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-45447","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}]}}},{"package":{"name":"openssl","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/openssl?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.5-1ubuntu3.2"}]}],"versions":["3.5.3-1ubuntu2","3.5.5-1ubuntu1","3.5.5-1ubuntu3"],"ecosystem_specific":{"binaries":[{"binary_version":"3.5.5-1ubuntu3.2","binary_name":"libssl3t64"},{"binary_version":"3.5.5-1ubuntu3.2","binary_name":"openssl"},{"binary_version":"3.5.5-1ubuntu3.2","binary_name":"openssl-provider-legacy"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8414-1.json","cves_map":{"cves":[{"id":"CVE-2026-7383","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-9076","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-34180","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-34181","severity":[{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-34182","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34183","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42764","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-42766","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42767","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42768","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42769","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-42770","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-45445","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-45446","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-45447","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:26.04:LTS"}}}],"schema_version":"1.7.5"}