CVE-2025-69421
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
27/01/2026
Last modified:
27/01/2026
Description
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.

Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files.

The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure.

Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.
References to Advisories, Solutions, and Tools
- https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b
- https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7
- https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd
- https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3
- https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c
- https://openssl-library.org/news/secadv/20260127.txt