OpenSSL Release Announcement for 3.6.1, 3.5.5, 3.4.4, 3.3.6, 3.0.19, 1.1.1ze and 1.0.2zn

Jan 27, 2026

Release Announcement for OpenSSL Library 3.6.1, 3.5 5, 3.4.4, 3.3.6, 3.0.19, 1.1.1ze and 1.0.2zn

The OpenSSL Project team announces the release of new versions of our open-source toolkit for SSL/TLS.

Changes and CVEs fixed in 3.6.1:

• CVE-2025-11187 - Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
• CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing.
• CVE-2025-15468 - NULL dereference in SSL_CIPHER_find() function on unknown cipher ID.
• CVE-2025-15469 - ‘openssl dgst’ one-shot codepath silently truncates inputs >16MB.
• CVE-2025-66199 - TLS 1.3 CompressedCertificate excessive memory allocation.
• CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes.
• CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
• CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion.
• CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function.
• CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
• CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
• CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function

Changes and CVEs fixed in 3.5.5:

• CVE-2025-11187 - Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
• CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing.
• CVE-2025-15468 - NULL dereference in SSL_CIPHER_find() function on unknown cipher ID.
• CVE-2025-15469 - ‘openssl dgst’ one-shot codepath silently truncates inputs >16MB.
• CVE-2025-66199 - TLS 1.3 CompressedCertificate excessive memory allocation.
• CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes.
• CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
• CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion.
• CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function.
• CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
• CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
• CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function

CVEs fixed in 3.4.4:

• CVE-2025-11187 - Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
• CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing.
• CVE-2025-15468 - NULL dereference in SSL_CIPHER_find() function on unknown cipher ID.
• CVE-2025-66199 - TLS 1.3 CompressedCertificate excessive memory allocation.
• CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes.
• CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
• CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion.
• CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function.
• CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
• CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
• CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function

CVEs fixed in 3.3.6:

• CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing.
• CVE-2025-15468 - NULL dereference in SSL_CIPHER_find() function on unknown cipher ID.
• CVE-2025-66199 - TLS 1.3 CompressedCertificate excessive memory allocation.
• CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes.
• CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
• CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion.
• CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function.
• CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
• CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
• CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function

CVEs fixed in 3.0.19:

• CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing.
• CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes.
• CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
• CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion.
• CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function.
• CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
• CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
• CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function

CVEs fixed in 1.1.1ze: (premium support customers only)

• CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes.
• CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
• CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion.
• CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function.
• CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
• CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
• CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function

CVEs fixed in 1.0.2zn: (premium support customers only)

• CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes.
• CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
• CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function

All releases contain miscellaneous minor bug fixes. For details of the changes, refer to the release notes for versions 1.0.2, 1.1.1, 3.0, 3.3, 3.4, 3.5 and 3.6.

Specific notes on upgrading from previous versions are available in the OpenSSL Migration Guide.

OpenSSL Library 3.x is available for download at these URLs:

• https://www.openssl.org/source/
• https://github.com/openssl/openssl/releases

The distribution file names are for:

• OpenSSL Library 3.6.1 - openssl-3.6.1
• OpenSSL Library 3.5.5 - openssl-3.5.5
• OpenSSL Library 3.4.4 - openssl-3.4.4
• OpenSSL Library 3.3.6 - openssl-3.3.6
• OpenSSL Library 3.0.19 - openssl-3.0.19
• OpenSSL Library 1.1.1ze - openssl-1.1.1ze
• OpenSSL Library 1.0.2zn - openssl-1.0.2zn