CVE-2025-69420

HIGH
2026-01-27 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
Patch Released
Feb 02, 2026 - 18:33 nvd
Patch available
CVE Published
Jan 27, 2026 - 16:16 nvd
HIGH 7.5

Tags

OpenSSL Tls Null Pointer Dereference Denial Of Service Redhat Suse

Description

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

Analysis

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. [CVSS 7.5 HIGH]

Technical Context

Classified as CWE-754 (Improper Check for Unusual or Exceptional Conditions). Affects the a Denial of component of Openssl. Issue summary: A type confusion vulnerability exists in the TimeStamp Response

verification code where an ASN1_TYPE union member is accessed without first

validating the type, causing an invalid or NULL pointer dereference when

processing a malformed TimeStamp Response file.

Impact summary: An application calling TS_RESP_verify_response() with a

malformed TimeStamp Response can be caused to dereference an invalid or

NULL pointer when reading, resulting in a Denial of Service.

The functions oss

Affected Products

Vendor: Openssl. Product: Openssl. Component: a Denial of.

Remediation

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +38
POC: 0

Vendor Status

Share

CVE-2025-69420 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy