OpenSSL 3.5.4

@openssl-machine openssl-machine released this 30 Sep 12:44
· 2778 commits to master since this release

OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this
release is Moderate.

This release incorporates the following bug fixes and mitigations:

  • Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
    (CVE-2025-9230)

  • Fix Timing side-channel in SM2 algorithm on 64-bit ARM.
    (CVE-2025-9231)

  • Fix Out-of-bounds read in HTTP client no_proxy handling.
    (CVE-2025-9232)

  • Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release
    builds, as it broke some existing applications that relied on the previous
    3.x semantics, as documented in OpenSSL_version(3).