CVE-2025-11187
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
27/01/2026
Last modified:
27/01/2026
Description
Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation
which can trigger a stack-based buffer overflow, invalid pointer or NULL
pointer dereference during MAC verification.

Impact summary: The stack buffer overflow or NULL pointer dereference may
cause a crash leading to Denial of Service for an application that parses
untrusted PKCS#12 files. The buffer overflow may also potentially enable
code execution depending on platform mitigations.

When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2
salt and keylength parameters from the file are used without validation.
If the value of keylength exceeds the size of the fixed stack buffer used
for the derived key (64 bytes), the key derivation will overflow the buffer.
The overflow length is attacker-controlled. Also, if the salt parameter is
not an OCTET STRING type this can lead to invalid or NULL pointer
dereference.

Exploiting this issue requires a user or application to process
a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted
PKCS#12 files in applications as they are usually used to store private
keys which are trusted by definition. For this reason the issue was assessed
as Moderate severity.

The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as
PKCS#12 processing is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.

OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do
not support PBMAC1 in PKCS#12.
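
The kind of validation whose absence is described above, as an added C example that is not OpenSSL's code. The structures, error codes, `toy_kdf` and `try_params` are hypothetical stand-ins; only the 64-byte buffer size and the OCTET STRING requirement come from the advisory.

```c
#include <stddef.h>
#include <string.h>

#define MAC_KEY_MAX 64 /* fixed derived-key buffer size stated in the advisory */
enum { TAG_OCTET_STRING = 4, TAG_SEQUENCE = 16 };  /* ASN.1 universal tags */
enum { P_OK = 0, P_BAD_SALT = -1, P_BAD_KEYLEN = -2 };

/* Hypothetical decoded parameters; these are not OpenSSL's structures. */
struct any_value { int tag; const unsigned char *data; size_t len; };
struct pbkdf2_params { const struct any_value *salt; long keylength; };

/* Stand-in for the KDF (not PBKDF2): writes exactly outlen bytes. */
static void toy_kdf(const unsigned char *salt, size_t saltlen, unsigned char *out, size_t outlen)
{
    for (size_t i = 0; i < outlen; i++)
        out[i] = (unsigned char)(i ^ (saltlen ? salt[i % saltlen] : 0));
}

/* Validate file-supplied parameters before they reach the KDF. */
int check_params(const struct pbkdf2_params *p)
{
    if (!p || !p->salt || !p->salt->data || p->salt->tag != TAG_OCTET_STRING)
        return P_BAD_SALT;      /* salt absent or not an OCTET STRING */
    if (p->keylength <= 0 || p->keylength > MAC_KEY_MAX)
        return P_BAD_KEYLEN;    /* would not fit the fixed buffer */
    return P_OK;
}

/* Derive into the fixed stack buffer only after validation succeeds. */
int derive_mac_key(const struct pbkdf2_params *p, unsigned char *out, size_t *outlen)
{
    unsigned char key[MAC_KEY_MAX];
    int rc = check_params(p);
    if (rc != P_OK) return rc;
    toy_kdf(p->salt->data, p->salt->len, key, (size_t)p->keylength);
    memcpy(out, key, (size_t)p->keylength);
    *outlen = (size_t)p->keylength;
    return P_OK;
}

/* Constructed sample input: build parameters with the given tag and length. */
int try_params(int salt_tag, long keylength)
{
    static const unsigned char salt_bytes[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    struct any_value salt = { salt_tag, salt_bytes, sizeof(salt_bytes) };
    struct pbkdf2_params p = { &salt, keylength };
    unsigned char out[MAC_KEY_MAX]; size_t n = 0;
    return derive_mac_key(&p, out, &n);
}
```

Without `check_params`, the `keylength` from the file would set how many bytes `toy_kdf` writes into the 64-byte `key` array, and a salt of another type would be read as if it carried an octet string.
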
Impact
References to Advisories, Solutions, and Tools
- https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206
- https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8
- https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e
- https://openssl-library.org/news/secadv/20260127.txt



