CVE-2025-66199

EUVD-2025-206398
Issue summary: A TLS 1.3 connection using certificate compression can be
forced to allocate a large buffer before decompression without checking
against the configured certificate size limit.

Impact summary: An attacker can cause per-connection memory allocations of
up to approximately 22 MiB and extra CPU work, potentially leading to
service degradation or resource exhaustion (Denial of Service).

In affected configurations, the peer-supplied uncompressed certificate
length from a CompressedCertificate message is used to grow a heap buffer
prior to decompression. This length is not bounded by the max_cert_list
setting, which otherwise constrains certificate message sizes. An attacker
can exploit this to cause large per-connection allocations followed by
handshake failure. No memory corruption or information disclosure occurs.

This issue only affects builds where TLS 1.3 certificate compression is
compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression
algorithm (brotli, zlib, or zstd) is available, and where the compression
extension is negotiated. Both clients receiving a server CompressedCertificate
and servers in mutual TLS scenarios receiving a client CompressedCertificate
are affected. Servers that do not request client certificates are not
vulnerable to client-initiated attacks.

Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION
to disable receiving compressed certificates.

The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,
as the TLS implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.

OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
opensslopenssl
3.3.0 ≤
𝑥
< 3.3.6
opensslopenssl
3.4.0 ≤
𝑥
< 3.4.4
opensslopenssl
3.5.0 ≤
𝑥
< 3.5.5
opensslopenssl
3.6.0 ≤
𝑥
< 3.6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssl
bookworm
3.0.20-1~deb12u1
fixed
bookworm (security)
3.0.20-1~deb12u2
fixed
bullseye
1.1.1w-0+deb11u1
fixed
bullseye (security)
1.1.1w-0+deb11u8
fixed
forky
3.6.3-1
fixed
sid
3.6.3-1
fixed
trixie
3.5.6-1~deb13u1
fixed
trixie (security)
3.5.6-1~deb13u2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
edk2
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
needs-triage
plucky
ignored
questing
needs-triage
resolute
needs-triage
xenial
not-affected
nodejs
bionic
needs-triage
focal
not-affected
jammy
needed
noble
not-affected
plucky
not-affected
questing
not-affected
resolute
not-affected
trusty
not-affected
xenial
ignored
openssl
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
plucky
ignored
questing
Fixed 3.5.3-1ubuntu3
released
resolute
Fixed 3.5.5-1ubuntu1
released
trusty
not-affected
xenial
not-affected
openssl1.0
bionic
not-affected
jammy
dne
noble
dne
plucky
dne
questing
dne
resolute
dne
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
openssl
RHEL 9
1:3.5.1-7.el9_7
fixed
openssl-devel
RHEL 9
1:3.5.1-7.el9_7
fixed
openssl-libs
RHEL 9
1:3.5.1-7.el9_7
fixed
openssl-perl
RHEL 9
1:3.5.1-7.el9_7
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
openssl
Amazon Linux 2023
1:3.2.2-1.amzn2023.0.5
fixed
openssl-debuginfo
Amazon Linux 2023
1:3.2.2-1.amzn2023.0.5
fixed
openssl-debugsource
Amazon Linux 2023
1:3.2.2-1.amzn2023.0.5
fixed
openssl-devel
Amazon Linux 2023
1:3.2.2-1.amzn2023.0.5
fixed
openssl-fips-provider-latest
Amazon Linux 2023
1:3.2.2-1.amzn2023.0.5
fixed
openssl-fips-provider-latest-debuginfo
Amazon Linux 2023
1:3.2.2-1.amzn2023.0.5
fixed
openssl-libs
Amazon Linux 2023
1:3.2.2-1.amzn2023.0.5
fixed
openssl-libs-debuginfo
Amazon Linux 2023
1:3.2.2-1.amzn2023.0.5
fixed
openssl-perl
Amazon Linux 2023
1:3.2.2-1.amzn2023.0.5
fixed
openssl-snapsafe-libs
Amazon Linux 2023
1:3.2.2-1.amzn2023.0.5
fixed
openssl-snapsafe-libs-debuginfo
Amazon Linux 2023
1:3.2.2-1.amzn2023.0.5
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
openssl
Azure Linux 3.0
0:3.3.5-2.azl3
fixed