MNBSD-2026-42: out-of-bounds read in HTTP client no_proxy handling

Severity: Unknown

Affected Package: openssl

Summary: out-of-bounds read in HTTP client no_proxy handling

Description

An application using the OpenSSL HTTP client API may trigger an out-of-bounds read if the no_proxy environment variable is set and the host portion of the HTTP URL authority is an IPv6 address, triggering a crash (Denial of Service). Severity: Low (OpenSSL).

Affected Versions

openssl

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2025-9232

Published: June 11, 2026
Last Modified: June 11, 2026