Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
Medium

OpenSSL TLS 1.3 CompressedCertificate Excessive Memory Allocation DoS

IdentifiersCVE-2025-66199CWE-770

CVE-2025-66199 is a denial-of-service flaw in OpenSSL's handling of TLS 1.3 certificate compression. In affected OpenSSL 3.3, 3.4, 3.5, and 3.6 builds, when the certificate compression feature is compiled in and negotiated, the implementation uses the peer-supplied uncompressed certificate length from the TLS 1.3 CompressedCertificate message to grow a heap buffer before decompression. That length is not bounded by the configured max_cert_list certificate size limit, allowing a peer to force large allocations prior to handshake failure. The issue affects clients receiving a server CompressedCertificate and servers receiving a client CompressedCertificate in mutual TLS scenarios. The advisory states no memory corruption or information disclosure occurs.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

A remote attacker can cause excessive per-connection memory allocation of up to approximately 22 MiB, along with additional CPU work for decompression handling, potentially degrading service or exhausting resources and causing denial of service. Exploitation results in handshake failure after resource consumption rather than code execution, memory corruption, or data disclosure.

Mitigation

If you can’t patch tonight, do this now.

Disable receiving TLS 1.3 compressed certificates by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION. Additional risk reduction is possible by ensuring TLS 1.3 certificate compression is not compiled in or by avoiding availability/negotiation of certificate compression algorithms such as brotli, zlib, or zstd. Servers that do not request client certificates are not exposed to client-initiated exploitation in the server role.

Remediation

Patch, then assume compromise.

Upgrade OpenSSL to a fixed release: 3.6.1, 3.5.5, 3.4.4, or 3.3.6, as appropriate for the deployed branch. OpenSSL 3.0, 1.1.1, and 1.0.2 are not affected. Downstream products should be updated to vendor-provided releases that incorporate these fixes.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
FreebsdFreebsdapplication
OpenSSL Software FoundationOpensslapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

28 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

28 SOURCESView more in app
help net securityNews
Mar 2, 2026
IPFire ships its 200th core update with a new domain blocklist and kernel upgrade - Help Net Security

An OpenSSL vulnerability patched by upgrading to OpenSSL 3.6.1 in IPFire Core Update 200.

Read more
f5News
Mar 2, 2026
Weekly Threat Bulletin - February 4th, 2026 | F5 Labs

Unknown (listed among related OpenSSL CVEs, but not described in the content).

Read more
cyber security newsNews
Jan 28, 2026
OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code

Low-severity OpenSSL denial-of-service condition related to TLS 1.3 certificate compression handling.

Read more
alpinelinuxNews
Jan 27, 2026
Alpine 3.20.9, 3.21.6, 3.22.3 and 3.23.3 released | Alpine Linux

An OpenSSL vulnerability addressed in Alpine Linux stable releases 3.20.9, 3.21.6, 3.22.3, and 3.23.3.

Read more
+5 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity15

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-66199
NVD
nvd.nist.gov/vuln/detail/CVE-2025-66199
MITRE CWE · CWE-770
cwe.mitre.org
Patch
github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4
Patch
github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451
Patch
github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5
Patch
github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4
Vendor Advisory
openssl-library.org/news/secadv/20260127.txt