{"id":"CVE-2025-69421","details":"Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.","modified":"2026-04-02T13:05:42.582269Z","published":"2026-01-27T16:16:34.437Z","related":["ALSA-2026:1472","ALSA-2026:1473","CGA-4r5h-8hvp-w6xm","MGASA-2026-0029","SUSE-SU-2026:0309-1","SUSE-SU-2026:0310-1","SUSE-SU-2026:0311-1","SUSE-SU-2026:0312-1","SUSE-SU-2026:0331-1","SUSE-SU-2026:0332-1","SUSE-SU-2026:0333-1","SUSE-SU-2026:0343-1","SUSE-SU-2026:0346-1","SUSE-SU-2026:0358-1","SUSE-SU-2026:0359-1","SUSE-SU-2026:0360-1","SUSE-SU-2026:0498-1","SUSE-SU-2026:20211-1","SUSE-SU-2026:20223-1","SUSE-SU-2026:20349-1","SUSE-SU-2026:20373-1","openSUSE-SU-2026:10237-1","openSUSE-SU-2026:20152-1"],"references":[{"type":"ADVISORY","url":"https://openssl-library.org/news/secadv/20260127.txt"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"fixed":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"89cd17a031e022211684eb7eb41190cf1910f9fa"},{"fixed":"a22063cd69a077cc68bb4c10e9f351f75899b194"},{"introduced":"4cb31128b5790819dfeea2739fbde265f71a10a2"},{"fixed":"4601ff25acd6c2fe58a8bfe241e6c470e27b8074"},{"introduced":"98acb6b02839c609ef5b837794e08d906d965335"},{"fixed":"565bdcc41bbf89fcbaf962636469332689f0c9fd"},{"introduced":"636dfadc70ce26f2473870570bfd9ec352806b1d"},{"fixed":"67b5686b4419b4cb8caa502711c41815f5279751"},{"introduced":"7b371d80d959ec9ab4139d09d78e83c090de9779"},{"fixed":"c9a9e5b10105ad850b6e4d1122c645c67767c341"},{"fixed":"3524a29271f8191b8fd8a5257eb05173982a097b"},{"fixed":"36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7"},{"fixed":"4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd"},{"fixed":"643986985cd1c21221f941129d76fe0c2785aeb3"},{"fixed":"a2dbc539f0f9cc63832709fa5aa33ad9495eb19c"}],"database_specific":{"versions":[{"introduced":"1.0.2"},{"fixed":"1.0.2zn"},{"introduced":"1.1.1"},{"last_affected":"1.1.1ze"},{"introduced":"3.0.0"},{"fixed":"3.0.19"},{"introduced":"3.3.0"},{"fixed":"3.3.6"},{"introduced":"3.4.0"},{"fixed":"3.4.4"},{"introduced":"3.5.0"},{"fixed":"3.5.5"},{"introduced":"3.6.0"},{"fixed":"3.6.1"}]}}],"versions":["3.0-POST-CLANG-FORMAT-WEBKIT","3.0-PRE-CLANG-FORMAT-WEBKIT","3.3-POST-CLANG-FORMAT-WEBKIT","3.3-PRE-CLANG-FORMAT-WEBKIT","3.4-POST-CLANG-FORMAT-WEBKIT","3.4-PRE-CLANG-FORMAT-WEBKIT","3.5-POST-CLANG-FORMAT-WEBKIT","3.5-PRE-CLANG-FORMAT-WEBKIT","3.6-POST-CLANG-FORMAT-WEBKIT","3.6-PRE-CLANG-FORMAT-WEBKIT","OpenSSL_1_1_1w","openssl-3.0.0","openssl-3.0.1","openssl-3.0.10","openssl-3.0.11","openssl-3.0.12","openssl-3.0.13","openssl-3.0.14","openssl-3.0.15","openssl-3.0.16","openssl-3.0.17","openssl-3.0.18","openssl-3.0.2","openssl-3.0.3","openssl-3.0.4","openssl-3.0.5","openssl-3.0.6","openssl-3.0.7","openssl-3.0.8","openssl-3.0.9","openssl-3.1.0","openssl-3.1.0-alpha1","openssl-3.1.0-beta1","openssl-3.1.1","openssl-3.1.2","openssl-3.1.3","openssl-3.1.4","openssl-3.1.5","openssl-3.1.6","openssl-3.1.7","openssl-3.1.8","openssl-3.3.0","openssl-3.3.1","openssl-3.3.2","openssl-3.3.3","openssl-3.3.4","openssl-3.3.5","openssl-3.4.0","openssl-3.4.1","openssl-3.4.2","openssl-3.4.3","openssl-3.5.0","openssl-3.5.1","openssl-3.5.2","openssl-3.5.3","openssl-3.5.4","openssl-3.6.0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_type":"Line","target":{"file":"crypto/pkcs12/p12_decr.c"},"source":"https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3","signature_version":"v1","id":"CVE-2025-69421-0b61c516","digest":{"threshold":0.9,"line_hashes":["130217298623169198528634587595888215940","315156559523695141524996553787601930602","277576442105540766829804736029134168677"]}},{"deprecated":false,"signature_type":"Function","target":{"file":"crypto/pkcs12/p12_decr.c","function":"PKCS12_item_decrypt_d2i_ex"},"source":"https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3","signature_version":"v1","id":"CVE-2025-69421-2443ac5e","digest":{"function_hash":"282363665924433828558649956598481756185","length":755}},{"deprecated":false,"signature_type":"Line","target":{"file":"crypto/pkcs12/p12_decr.c"},"source":"https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd","signature_version":"v1","id":"CVE-2025-69421-5f3bff8c","digest":{"threshold":0.9,"line_hashes":["130217298623169198528634587595888215940","315156559523695141524996553787601930602","277576442105540766829804736029134168677"]}},{"deprecated":false,"signature_type":"Function","target":{"file":"crypto/pkcs12/p12_decr.c","function":"PKCS12_item_decrypt_d2i_ex"},"source":"https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd","signature_version":"v1","id":"CVE-2025-69421-8ce59eb8","digest":{"function_hash":"282363665924433828558649956598481756185","length":755}},{"deprecated":false,"signature_type":"Function","target":{"file":"crypto/pkcs12/p12_decr.c","function":"PKCS12_item_decrypt_d2i_ex"},"source":"https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7","signature_version":"v1","id":"CVE-2025-69421-a66c706f","digest":{"function_hash":"282363665924433828558649956598481756185","length":755}},{"deprecated":false,"signature_type":"Line","target":{"file":"crypto/pkcs12/p12_decr.c"},"source":"https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7","signature_version":"v1","id":"CVE-2025-69421-b0975534","digest":{"threshold":0.9,"line_hashes":["130217298623169198528634587595888215940","315156559523695141524996553787601930602","277576442105540766829804736029134168677"]}},{"deprecated":false,"signature_type":"Line","target":{"file":"crypto/pkcs12/p12_decr.c"},"source":"https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c","signature_version":"v1","id":"CVE-2025-69421-c36dfde8","digest":{"threshold":0.9,"line_hashes":["130217298623169198528634587595888215940","315156559523695141524996553787601930602","277576442105540766829804736029134168677"]}},{"deprecated":false,"signature_type":"Function","target":{"file":"crypto/pkcs12/p12_decr.c","function":"PKCS12_item_decrypt_d2i_ex"},"source":"https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b","signature_version":"v1","id":"CVE-2025-69421-d64ceeb0","digest":{"function_hash":"282363665924433828558649956598481756185","length":755}},{"deprecated":false,"signature_type":"Line","target":{"file":"crypto/opensslv.h"},"source":"https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8","signature_version":"v1","id":"CVE-2025-69421-e051451f","digest":{"threshold":0.9,"line_hashes":["251633914150035957322733061977107206211","338514574181828579838011565939158652696","76638288692106140328510055542557597351","142922657400765574308962710386922248045","71649992455794854055653842592139575350","65527166711110472566013424527579064967","253196866009476977787139000804413898733","172177136897997206866313011107384691461"]}},{"deprecated":false,"signature_type":"Line","target":{"file":"crypto/pkcs12/p12_decr.c"},"source":"https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b","signature_version":"v1","id":"CVE-2025-69421-f9b4c670","digest":{"threshold":0.9,"line_hashes":["130217298623169198528634587595888215940","315156559523695141524996553787601930602","277576442105540766829804736029134168677"]}},{"deprecated":false,"signature_type":"Function","target":{"file":"crypto/pkcs12/p12_decr.c","function":"PKCS12_item_decrypt_d2i_ex"},"source":"https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c","signature_version":"v1","id":"CVE-2025-69421-ffc081d4","digest":{"function_hash":"282363665924433828558649956598481756185","length":755}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69421.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}