OpenSSL: Stack buffer overflow in CMS AuthEnvelopedData parsing

https://news.ycombinator.com/rss Hits: 8
Summary

If you think you have found a security bug in OpenSSL, please report it to us. Show issues fixed only in OpenSSL 3.6, 3.5, 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1, 1.1.0, 1.0.2, 1.0.1, 1.0.0, 0.9.8, 0.9.7, 0.9.6. Note: All OpenSSL versions before 1.1.1 are out of support and no longer receiving updates. Extended support is available for 1.0.2 from OpenSSL Software Services for premium support customers. Jump to year: 2026, 2025, 2024, 2023, 2022, 2021, 2020, 2019, 2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002. 2026 CVE-2025-11187 Severity Moderate Published at 27 January 2026 Title Improper validation of PBMAC1 parameters in PKCS#12 MAC verification Found by Stanislav Fort (Aisle Research), Petr 艩ime膷ek (Aisle Research) and Hamza (Metadust) Fix developed by Tom谩拧 Mr谩z Affected from 3.6.0 before 3.6.1 from 3.5.0 before 3.5.5 from 3.4.0 before 3.4.4 References Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations. When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference. Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they...

First seen: 2026-01-27 18:05

Last seen: 2026-01-28 01:07

Read Full Article More from this Source
Related News
TikTok settles just before social media addiction trial to begin
2026-01-27 路 5 hits
How many chess games are possible?
2026-01-27 路 4 hits
Clawdbot Renames to Moltbot
2026-01-27 路 6 hits
Management as AI superpower: Thriving in a world of agentic AI
2026-01-27 路 6 hits
FBI is investigating Minnesota Signal chats tracking ICE
2026-01-27 路 6 hits