OpenSSL 3.4.3
·
3962 commits
to master
since this release
OpenSSL 3.4.3 is a security patch release. The most severe CVE fixed in this
release is Moderate.
This release incorporates the following bug fixes and mitigations:
-
Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
(CVE-2025-9230) -
Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
(CVE-2025-9231) -
Fix Out-of-bounds read in HTTP client no_proxy handling.
(CVE-2025-9232)