* Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
Affects: FreeBSD 15.x, 14.x, and 13.x
An application trying to decrypt cryptographic message syntax (CMS) messages encrypted using password based encryption can trigger an out-of-bounds read and write.
* Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)
Affects: FreeBSD 15.x only
A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64-bit ARM
platforms.
* Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232) Affects: FreeBSD 15.x and 14.x only
An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the "no_proxy" environment variable is set and the host
portion of the authority component of the HTTP URL is an IPv6 address.
