CVE-2025-68160

Issue summary: Writing large, newline-free data into a BIO chain using the<br /> line-buffering filter where the next BIO performs short writes can trigger<br /> a heap-based out-of-bounds write.<br /> <br /> Impact summary: This out-of-bounds write can cause memory corruption which<br /> typically results in a crash, leading to Denial of Service for an application.<br /> <br /> The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in<br /> TLS/SSL data paths. In OpenSSL command-line applications, it is typically<br /> only pushed onto stdout/stderr on VMS systems. Third-party applications that<br /> explicitly use this filter with a BIO chain that can short-write and that<br /> write large, newline-free data influenced by an attacker would be affected.<br /> However, the circumstances where this could happen are unlikely to be under<br /> attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated<br /> data controlled by an attacker. For that reason the issue was assessed as<br /> Low severity.<br /> <br /> The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,<br /> as the BIO implementation is outside the OpenSSL FIPS module boundary.<br /> <br /> OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.