TWSD-1340 HSOL-4291 / APV OpenSSL Vulnerability CVE-2025-9230

Review Request #1237 — Created Dec. 17, 2025 and submitted Jan. 12, 2026, 12:08 p.m.

Information
Owner:	peteryeh
Repository:	APV10
Branch:	rel_apv_10_7_3, rel_apv_10_7_4, rel_apv_10_7
Bugs:	TWSD-1340
Depends On:
Reviewers
Groups:
People:	kevin.poh, mingji, tanya, weikai

Description

CVE-2025-9230: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. This out-of-bounds read may trigger a crash which leads to Denial of Service for an application

Testing Done

Intergrated from OpenSSL 1.1.1 to OpenSSL 3.2

Expand All
Collapse All

People:

+	tanya

Ship it!

```
Ship It!
```

Branch:

-	rel_apv_10_7
+	rel_apv_10_7_3

Branch:

-	rel_apv_10_7_3
+	rel_apv_10_7_3, rel_apv_10_7_4, rel_apv_10_7

Ship it!

```
Ship It!
```

You have a pending review.

Review Board 5.0.5

TWSD-1340 HSOL-4291 / APV OpenSSL Vulnerability CVE-2025-9230

People:

Branch:

Branch:

Status: Closed (submitted)