Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Responseverification code where an ASN1_TYPE union member is accessed without firstvalidating the type, causing an invalid or NU...
Back to all
CVE

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Responseverification code where an ASN1_TYPE union member is accessed without firstvalidating the type, causing an invalid or NU...

Issue summary: A type confusion vulnerability exists in the TimeStamp Response

verification code where an ASN1_TYPE union member is accessed without first

validating the type, causing an invalid or NULL pointer dereference when

processing a malformed TimeStamp Response file.

Impact summary: An application calling TSRESPverify_response() with a

malformed TimeStamp Response can be caused to dereference an invalid or

NULL pointer when reading, resulting in a Denial of Service.

The functions osslessgetsigningcert() and osslessgetsigningcert_v2()

access the signing cert attribute value without validating its type.

When the type is not VASN1SEQUENCE, this results in accessing invalid memory

through the ASN1_TYPE union, causing a crash.

Exploiting this vulnerability requires an attacker to provide a malformed

TimeStamp Response to an application that verifies timestamp responses. The

TimeStamp protocol (RFC 3161) is not widely used and the impact of the

exploit is just a Denial of Service. For these reasons the issue was

assessed as Low severity.

The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,

as the TimeStamp Response implementation is outside the OpenSSL FIPS module

boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

Package Versions Affected

Package Version
patch Availability
No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

CVSS Version

Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.5
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
C
H
U
-

Related Resources

No items found.

References

https://openssl-library.org/news/secadv/20260127.txt, https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9, https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a, https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e, https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b, https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085

Severity

7.5

CVSS Score
0
10

Basic Information

Ecosystem
Base CVSS
7.5
EPSS Probability
0.00199%
EPSS Percentile
0.41811%
Introduced Version
98acb6b02839c609ef5b837794e08d906d965335,0,1.1.1,3.0.0,3.3.0,3.4.0,3.5.0,3.6.0
Fix Available
565bdcc41bbf89fcbaf962636469332689f0c9fd,1:3.5.1-7.el9_7,3.0.18-1~deb12u2,1.1.1w-0+deb11u5,3.5.4-1~deb13u2,0:3.0.13-0ubuntu3.7,0:1.1.1-1ubuntu2.1~18.04.23+esm7,0:1.1.1f-1ubuntu2.24+esm2,0:3.0.2-0ubuntu1.21,1.1.1ze,3.0.19,3.3.6,3.4.4,3.5.5,3.6.1,3.0.19-r0,3.5.5-r0,3.3.6-r0,2:3.5.1-7.0.1.ksplice1.el9_7,10:3.5.1-7.0.1.el9_7_fips,1:3.5.1-7.0.1.el9_7,0:20240813-306.amzn2,1:1.0.2k-24.amzn2.0.17,1:1.1.1zf-1.amzn2.0.1,1:3.2.2-1.amzn2023.0.5

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.
Fix Without Upgrading