Missing ASN1_TYPE validation in TS_RESP_verify_response() function
CVSS v3
7.5
HIGH
EPSS Score
0.3%
exploit probability
CISA KEV
No
known exploited
Exploitation
none
SSVC status
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions oss
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions oss
Active exploitation of CVE-2025-69420 has not been confirmed. The EPSS score is 0.3%, indicating the estimated probability of exploitation in the next 30 days.
CVE-2025-69420 has a CVSS v3 base score of 7.5 (HIGH severity), with vector string 3.1.
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.