{"id":"CVE-2025-69421","details":"Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.","aliases":["ECHO-0529-49f7-34d9"],"modified":"2026-04-14T18:48:33.429494748Z","published":"2026-01-27T16:16:34.437Z","related":["ALSA-2026:1472","ALSA-2026:1473","CGA-4r5h-8hvp-w6xm","MGASA-2026-0029","SUSE-SU-2026:0309-1","SUSE-SU-2026:0310-1","SUSE-SU-2026:0311-1","SUSE-SU-2026:0312-1","SUSE-SU-2026:0331-1","SUSE-SU-2026:0332-1","SUSE-SU-2026:0333-1","SUSE-SU-2026:0343-1","SUSE-SU-2026:0346-1","SUSE-SU-2026:0358-1","SUSE-SU-2026:0359-1","SUSE-SU-2026:0360-1","SUSE-SU-2026:0498-1","SUSE-SU-2026:20211-1","SUSE-SU-2026:20223-1","SUSE-SU-2026:20349-1","SUSE-SU-2026:20373-1","openSUSE-SU-2026:10237-1","openSUSE-SU-2026:20152-1"],"references":[{"type":"ADVISORY","url":"https://openssl-library.org/news/secadv/20260127.txt"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"0"},{"fixed":"3524a29271f8191b8fd8a5257eb05173982a097b"},{"introduced":"0"},{"fixed":"36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7"},{"introduced":"0"},{"fixed":"4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd"},{"introduced":"0"},{"fixed":"643986985cd1c21221f941129d76fe0c2785aeb3"},{"introduced":"0"},{"fixed":"a2dbc539f0f9cc63832709fa5aa33ad9495eb19c"}]}],"versions":["3.0-POST-CLANG-FORMAT-WEBKIT","3.0-PRE-CLANG-FORMAT-WEBKIT","3.3-POST-CLANG-FORMAT-WEBKIT","3.3-PRE-CLANG-FORMAT-WEBKIT","3.4-POST-CLANG-FORMAT-WEBKIT","3.4-PRE-CLANG-FORMAT-WEBKIT","3.5-POST-CLANG-FORMAT-WEBKIT","3.5-PRE-CLANG-FORMAT-WEBKIT","3.6-POST-CLANG-FORMAT-WEBKIT","3.6-PRE-CLANG-FORMAT-WEBKIT","BEFORE_engine","OpenSSL_0_9_1c","OpenSSL_0_9_2b","OpenSSL_0_9_3","OpenSSL_0_9_3a","OpenSSL_0_9_3beta2","OpenSSL_0_9_4","OpenSSL_0_9_5a","OpenSSL_0_9_5a-beta1","OpenSSL_0_9_5a-beta2","OpenSSL_0_9_5beta1","OpenSSL_0_9_5beta2","OpenSSL_0_9_6-beta3","OpenSSL_1_1_0-pre1","OpenSSL_1_1_0-pre2","OpenSSL_1_1_0-pre3","OpenSSL_1_1_0-pre4","OpenSSL_1_1_0-pre5","OpenSSL_1_1_0-pre6","OpenSSL_1_1_1","OpenSSL_1_1_1-pre1","OpenSSL_1_1_1-pre2","OpenSSL_1_1_1-pre3","OpenSSL_1_1_1-pre4","OpenSSL_1_1_1-pre5","OpenSSL_1_1_1-pre6","OpenSSL_1_1_1-pre7","OpenSSL_1_1_1-pre8","OpenSSL_1_1_1-pre9","master-post-auto-reformat","master-post-reformat","master-pre-auto-reformat","master-pre-reformat","openssl-3.0.0","openssl-3.0.0-alpha1","openssl-3.0.0-alpha10","openssl-3.0.0-alpha11","openssl-3.0.0-alpha12","openssl-3.0.0-alpha13","openssl-3.0.0-alpha14","openssl-3.0.0-alpha15","openssl-3.0.0-alpha16","openssl-3.0.0-alpha17","openssl-3.0.0-alpha2","openssl-3.0.0-alpha3","openssl-3.0.0-alpha4","openssl-3.0.0-alpha5","openssl-3.0.0-alpha6","openssl-3.0.0-alpha7","openssl-3.0.0-alpha8","openssl-3.0.0-alpha9","openssl-3.0.0-beta1","openssl-3.0.0-beta2","openssl-3.0.1","openssl-3.0.10","openssl-3.0.11","openssl-3.0.12","openssl-3.0.13","openssl-3.0.14","openssl-3.0.15","openssl-3.0.16","openssl-3.0.17","openssl-3.0.18","openssl-3.0.2","openssl-3.0.3","openssl-3.0.4","openssl-3.0.5","openssl-3.0.6","openssl-3.0.7","openssl-3.0.8","openssl-3.0.9","openssl-3.2.0-alpha1","openssl-3.2.0-alpha2","openssl-3.3.0","openssl-3.3.0-alpha1","openssl-3.3.0-beta1","openssl-3.3.1","openssl-3.3.2","openssl-3.3.3","openssl-3.3.4","openssl-3.3.5","openssl-3.4.0","openssl-3.4.0-alpha1","openssl-3.4.0-beta1","openssl-3.4.1","openssl-3.4.2","openssl-3.4.3","openssl-3.5.0","openssl-3.5.0-alpha1","openssl-3.5.0-beta1","openssl-3.5.1","openssl-3.5.2","openssl-3.5.3","openssl-3.5.4","openssl-3.6.0","openssl-3.6.0-alpha1","openssl-3.6.0-beta1"],"database_specific":{"vanir_signatures":[{"id":"CVE-2025-69421-0b61c516","source":"https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3","target":{"file":"crypto/pkcs12/p12_decr.c"},"signature_version":"v1","digest":{"line_hashes":["130217298623169198528634587595888215940","315156559523695141524996553787601930602","277576442105540766829804736029134168677"],"threshold":0.9},"deprecated":false,"signature_type":"Line"},{"signature_version":"v1","signature_type":"Function","target":{"file":"crypto/pkcs12/p12_decr.c","function":"PKCS12_item_decrypt_d2i_ex"},"digest":{"length":755,"function_hash":"282363665924433828558649956598481756185"},"deprecated":false,"source":"https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3","id":"CVE-2025-69421-2443ac5e"},{"id":"CVE-2025-69421-5f3bff8c","deprecated":false,"target":{"file":"crypto/pkcs12/p12_decr.c"},"source":"https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd","signature_version":"v1","digest":{"line_hashes":["130217298623169198528634587595888215940","315156559523695141524996553787601930602","277576442105540766829804736029134168677"],"threshold":0.9},"signature_type":"Line"},{"signature_version":"v1","signature_type":"Function","target":{"file":"crypto/pkcs12/p12_decr.c","function":"PKCS12_item_decrypt_d2i_ex"},"digest":{"length":755,"function_hash":"282363665924433828558649956598481756185"},"deprecated":false,"source":"https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd","id":"CVE-2025-69421-8ce59eb8"},{"id":"CVE-2025-69421-a66c706f","signature_version":"v1","target":{"file":"crypto/pkcs12/p12_decr.c","function":"PKCS12_item_decrypt_d2i_ex"},"digest":{"length":755,"function_hash":"282363665924433828558649956598481756185"},"deprecated":false,"source":"https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7","signature_type":"Function"},{"id":"CVE-2025-69421-b0975534","source":"https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7","target":{"file":"crypto/pkcs12/p12_decr.c"},"signature_version":"v1","digest":{"line_hashes":["130217298623169198528634587595888215940","315156559523695141524996553787601930602","277576442105540766829804736029134168677"],"threshold":0.9},"deprecated":false,"signature_type":"Line"},{"id":"CVE-2025-69421-c36dfde8","source":"https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c","target":{"file":"crypto/pkcs12/p12_decr.c"},"signature_version":"v1","digest":{"line_hashes":["130217298623169198528634587595888215940","315156559523695141524996553787601930602","277576442105540766829804736029134168677"],"threshold":0.9},"deprecated":false,"signature_type":"Line"},{"id":"CVE-2025-69421-d64ceeb0","digest":{"length":755,"function_hash":"282363665924433828558649956598481756185"},"target":{"file":"crypto/pkcs12/p12_decr.c","function":"PKCS12_item_decrypt_d2i_ex"},"deprecated":false,"signature_version":"v1","source":"https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b","signature_type":"Function"},{"id":"CVE-2025-69421-f9b4c670","source":"https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b","target":{"file":"crypto/pkcs12/p12_decr.c"},"signature_version":"v1","digest":{"line_hashes":["130217298623169198528634587595888215940","315156559523695141524996553787601930602","277576442105540766829804736029134168677"],"threshold":0.9},"deprecated":false,"signature_type":"Line"},{"signature_type":"Function","id":"CVE-2025-69421-ffc081d4","target":{"file":"crypto/pkcs12/p12_decr.c","function":"PKCS12_item_decrypt_d2i_ex"},"digest":{"length":755,"function_hash":"282363665924433828558649956598481756185"},"deprecated":false,"source":"https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c","signature_version":"v1"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-69421.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}