Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
Medium

Heap out-of-bounds write in OpenSSL BIO_f_linebuffer on short writes

IdentifiersCVE-2025-68160CWE-122

CVE-2025-68160 is a low-severity memory corruption vulnerability in OpenSSL's line-buffering BIO filter, BIO_f_linebuffer. When large newline-free data is written into a BIO chain using BIO_f_linebuffer and the next BIO in the chain performs short writes, OpenSSL can trigger a heap-based out-of-bounds write. The flaw affects OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1, and 1.0.2. The issue is outside the OpenSSL FIPS module boundary, so the FIPS modules for 3.6, 3.5, 3.4, 3.3, and 3.0 are not affected. The vulnerable condition is not part of the default TLS/SSL data path; the BIO_f_linebuffer filter is typically only used when applications explicitly add it to a BIO chain, and in OpenSSL command-line applications it is generally only pushed onto stdout/stderr on VMS systems.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful triggering causes a heap out-of-bounds write and resulting memory corruption. Based on the provided advisory text, the typical outcome is application crash and denial of service. Although memory corruption primitives can sometimes have broader consequences, the supplied material characterizes the practical impact here as usually a crash/DoS and assesses the issue as Low severity because attacker control over the required conditions is considered unlikely.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, avoid using BIO_f_linebuffer in BIO chains where the downstream BIO can short-write. Do not pass large, newline-free, attacker-influenced data through BIO_f_linebuffer. Prefer removing the line-buffering filter from such paths or ensuring only curated/validated output is processed through it. Because the filter is not used by default in normal TLS/SSL data paths, reducing or eliminating explicit application use of BIO_f_linebuffer materially lowers exposure.

Remediation

Patch, then assume compromise.

Upgrade to a fixed OpenSSL release. The provided content indicates fixes were released on 2026-01-27 in OpenSSL 3.6.1, 3.5.5, 3.4.4, 3.3.6, 3.0.19, 1.1.1ze, and 1.0.2zn. Downstream vendors may also have shipped remediated packages incorporating these fixes. For affected products embedding OpenSSL, apply the vendor-provided update that includes the corrected OpenSSL version or backported patch.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
FreebsdFreebsdapplication
OpenSSL Software FoundationOpensslapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

32 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

32 SOURCESView more in app
help net securityNews
Mar 2, 2026
IPFire ships its 200th core update with a new domain blocklist and kernel upgrade - Help Net Security

An OpenSSL vulnerability patched by upgrading to OpenSSL 3.6.1 in IPFire Core Update 200.

Read more
f5News
Mar 2, 2026
Weekly Threat Bulletin - February 4th, 2026 | F5 Labs

Unknown (listed among related OpenSSL CVEs, but not described in the content).

Read more
cyber security newsNews
Jan 28, 2026
OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code

Low-severity OpenSSL heap out-of-bounds write in the BIO linebuffer functionality, triggered by crafted inputs in affected code paths.

Read more
alpinelinuxNews
Jan 27, 2026
Alpine 3.20.9, 3.21.6, 3.22.3 and 3.23.3 released | Alpine Linux

An OpenSSL vulnerability addressed in Alpine Linux stable releases 3.20.9, 3.21.6, 3.22.3, and 3.23.3.

Read more
+6 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity17

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-68160
NVD
nvd.nist.gov/vuln/detail/CVE-2025-68160
MITRE CWE · CWE-122
cwe.mitre.org
Patch
github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad
Patch
github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6
Patch
github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c
Patch
github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0
Patch
github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096
Vendor Advisory
openssl-library.org/news/secadv/20260127.txt
cert-portal.siemens.com
cert-portal.siemens.com/productcert/html/ssa-265688.html