OpenSSL Malformed Parsing DoS Vulnerabilities


Apr 22, 2026
| Vulnerability ID | Vulnerability Overview |
| --- | --- |
| CVE-2025-69419 | A bug in how OpenSSL converts UTF-16 "friendly names" in PKCS#12 files to UTF-8. It causes a single zero byte to be written before the allocated buffer. |
| CVE-2025-69420 | Occurs during TimeStamp Response verification. The code fails to check a data type before accessing it, leading to a NULL pointer dereference and crash. |
| CVE-2025-69421 | A failure to check if a specific parameter is NULL when decrypting a PKCS#12 file, causing the application to crash if the file is malformed. |
| CVE-2026-22795 | Similar to CVE-2025-69420, but located in the PKCS#12 parsing code. It accesses a memory union incorrectly, causing a crash (usually in the "zero page" of memory). |
| CVE-2026-22796 | Occurs during PKCS#7 signature verification. It fails to validate the "message digest" attribute type, leading to an invalid memory read and crash. |
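
The bug class shared by CVE-2025-69420, CVE-2026-22795 and CVE-2026-22796 (reading a union member without first checking the type tag) is shown below next to a checked form. This is an added example, not OpenSSL's or the vendor's code; the struct layout and all names are hypothetical, simplified stand-ins for a tagged ASN.1 value.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified model of a tagged ASN.1 value (not OpenSSL's types). */
enum tag { TAG_INTEGER = 2, TAG_OCTET_STRING = 4 };

struct octets { const unsigned char *data; size_t len; };

struct attr_value {
    enum tag type;              /* says which union member is valid */
    union {
        long integer;           /* valid only when type == TAG_INTEGER */
        struct octets *octets;  /* valid only when type == TAG_OCTET_STRING */
    } v;
};

/* Unchecked pattern: the tag is never consulted, so a malformed input that
   carries another type (or an unset pointer) is dereferenced as an octet
   string. Shown for contrast only; nothing below calls it. */
size_t digest_len_unchecked(const struct attr_value *a)
{
    return a->v.octets->len;
}

/* Checked accessor: returns NULL unless the value exists, carries the
   expected tag, and the pointer inside the union is set. */
static const struct octets *get_octets(const struct attr_value *a)
{
    if (a == NULL || a->type != TAG_OCTET_STRING || a->v.octets == NULL)
        return NULL;
    return a->v.octets;
}

/* Returns 1 on a matching digest, 0 on a mismatch, -1 on malformed input. */
int check_message_digest(const struct attr_value *a,
                         const unsigned char *expected, size_t expected_len)
{
    const struct octets *d = get_octets(a);
    if (d == NULL || d->data == NULL || expected == NULL)
        return -1;              /* reject instead of crashing */
    if (d->len != expected_len || memcmp(d->data, expected, expected_len) != 0)
        return 0;
    return 1;
}
```

Returning a distinct error for malformed input lets the caller fail the verification and log the file rather than take down the process.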


Affected Supported TeraStations

LS700
The vulnerabilities are patched as of firmware version 2.04.
 


| Date | Description |
| --- | --- |
| 04/22/2026 | Initial release |