CVE-2025-69420
Publication date 27 January 2026
Last updated 30 January 2026
Ubuntu priority
Description
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.
Read the notes from the security team
Why is this CVE low priority?
OpenSSL developers have rated this issue to be low severity
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| openssl | 25.10 questing |
Fixed 3.5.3-1ubuntu3
|
| 24.04 LTS noble |
Fixed 3.0.13-0ubuntu3.7
|
|
| 22.04 LTS jammy |
Fixed 3.0.2-0ubuntu1.21
|
|
| 20.04 LTS focal |
Fixed 1.1.1f-1ubuntu2.24+esm2
|
|
| 18.04 LTS bionic |
Fixed 1.1.1-1ubuntu2.1~18.04.23+esm7
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| openssl1.0 | 25.10 questing | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| nodejs | 25.10 questing |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Vulnerable
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Not affected
|
|
| edk2 | 25.10 questing |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialNotes
mdeslaur
edk2 in jammy embeds OpenSSL 1.1.1j edk2 in noble embeds OpenSSL 3.0.9 edk2 in plucky embeds OpenSSL 3.4.0 edk2 in questing embeds OpenSSL 3.4.0 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable code not compiled in edk2
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-7980-1
- OpenSSL vulnerabilities
- 27 January 2026
- USN-7980-2
- OpenSSL vulnerabilities
- 27 January 2026