OpenSSL 3.0.19 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

• Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467)

• Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160)

• Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. (CVE-2025-69418)

• Fixed Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion. (CVE-2025-69419)

• Fixed Missing ASN1_TYPE validation in TS_RESP_verify_response() function. (CVE-2025-69420)

• Fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex() function. (CVE-2025-69421)

• Fixed Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795)

• Fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function. (CVE-2026-22796)