Oracle Linux: CVE-2025-11187: ELSA-2026-1472: openssl security update (IMPORTANT) (Multiple Advisories)

Severity: 6
CVSS: (AV:L/AC:M/Au:S/C:P/I:P/A:C)
Published: Jan 27, 2026
Added: Jan 30, 2026
Modified: Feb 2, 2026

Description

A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.

Solutions

oracle-linux-upgrade-openssl
oracle-linux-upgrade-openssl-devel
oracle-linux-upgrade-openssl-libs
oracle-linux-upgrade-openssl-perl