FKIE_CVE-2025-69421

Vulnerability from fkie_nvd - Published: 2026-01-27 16:16 - Updated: 2026-02-28 04:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.
References
openssl-security@openssl.orghttps://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097bPatch
openssl-security@openssl.orghttps://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7Patch
openssl-security@openssl.orghttps://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bdPatch
openssl-security@openssl.orghttps://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3Patch
openssl-security@openssl.orghttps://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19cPatch
openssl-security@openssl.orghttps://openssl-library.org/news/secadv/20260127.txtVendor Advisory
Impacted products
Vendor Product Version
openssl openssl *
openssl openssl *
openssl openssl *
openssl openssl *
openssl openssl *
openssl openssl *
openssl openssl *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A8EC60C-05EC-4886-8C82-63AEF4BDA8D5",
              "versionEndExcluding": "1.0.2zn",
              "versionStartIncluding": "1.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A940A7B2-E35C-420E-A0EE-F1089180C133",
              "versionEndIncluding": "1.1.1ze",
              "versionStartIncluding": "1.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C76C5F55-5243-4461-82F5-2FEBFF4D59FA",
              "versionEndExcluding": "3.0.19",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5292E9E-6B50-409F-9219-7B0A04047AD8",
              "versionEndExcluding": "3.3.6",
              "versionStartIncluding": "3.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D3DCAE-317D-4DFB-93F0-7A235A229619",
              "versionEndExcluding": "3.4.4",
              "versionStartIncluding": "3.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CAC7CBE-EC03-4089-938A-0CEEB2E09B62",
              "versionEndExcluding": "3.5.5",
              "versionStartIncluding": "3.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68352537-5E99-4F4D-B78A-BCF0353A70A5",
              "versionEndExcluding": "3.6.1",
              "versionStartIncluding": "3.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."
    },
    {
      "lang": "es",
      "value": "Resumen del problema: Procesar un archivo PKCS#12 malformado puede desencadenar una desreferencia de puntero NULL en la funci\u00f3n PKCS12_item_decrypt_d2i_ex().\n\nResumen del impacto: Una desreferencia de puntero NULL puede desencadenar un fallo que lleva a la denegaci\u00f3n de servicio para una aplicaci\u00f3n que procesa archivos PKCS#12.\n\nLa funci\u00f3n PKCS12_item_decrypt_d2i_ex() no comprueba si el par\u00e1metro oct es NULL antes de desreferenciarlo. Cuando se llama desde PKCS12_unpack_p7encdata() con un archivo PKCS#12 malformado, este par\u00e1metro puede ser NULL, causando un fallo. La vulnerabilidad est\u00e1 limitada a la denegaci\u00f3n de servicio y no puede ser escalada para lograr la ejecuci\u00f3n de c\u00f3digo o la divulgaci\u00f3n de memoria.\n\nExplotar este problema requiere que un atacante proporcione un archivo PKCS#12 malformado a una aplicaci\u00f3n que lo procesa. Por esa raz\u00f3n, el problema fue evaluado como de baja severidad seg\u00fan nuestra Pol\u00edtica de Seguridad.\n\nLos m\u00f3dulos FIPS en 3.6, 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de PKCS#12 est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 y 1.0.2 son vulnerables a este problema."
    }
  ],
  "id": "CVE-2025-69421",
  "lastModified": "2026-02-28T04:16:17.457",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-27T16:16:34.437",
  "references": [
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://openssl-library.org/news/secadv/20260127.txt"
    }
  ],
  "sourceIdentifier": "openssl-security@openssl.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "openssl-security@openssl.org",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.