{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T03:18:26.190","vulnerabilities":[{"cve":{"id":"CVE-2025-69421","sourceIdentifier":"openssl-security@openssl.org","published":"2026-01-27T16:16:34.437","lastModified":"2026-02-28T04:16:17.457","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."},{"lang":"es","value":"Resumen del problema: Procesar un archivo PKCS#12 malformado puede desencadenar una desreferencia de puntero NULL en la función PKCS12_item_decrypt_d2i_ex().\n\nResumen del impacto: Una desreferencia de puntero NULL puede desencadenar un fallo que lleva a la denegación de servicio para una aplicación que procesa archivos PKCS#12.\n\nLa función PKCS12_item_decrypt_d2i_ex() no comprueba si el parámetro oct es NULL antes de desreferenciarlo. Cuando se llama desde PKCS12_unpack_p7encdata() con un archivo PKCS#12 malformado, este parámetro puede ser NULL, causando un fallo. La vulnerabilidad está limitada a la denegación de servicio y no puede ser escalada para lograr la ejecución de código o la divulgación de memoria.\n\nExplotar este problema requiere que un atacante proporcione un archivo PKCS#12 malformado a una aplicación que lo procesa. Por esa razón, el problema fue evaluado como de baja severidad según nuestra Política de Seguridad.\n\nLos módulos FIPS en 3.6, 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementación de PKCS#12 está fuera del límite del módulo FIPS de OpenSSL.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 y 1.0.2 son vulnerables a este problema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"openssl-security@openssl.org","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.2","versionEndExcluding":"1.0.2zn","matchCriteriaId":"6A8EC60C-05EC-4886-8C82-63AEF4BDA8D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndIncluding":"1.1.1ze","matchCriteriaId":"A940A7B2-E35C-420E-A0EE-F1089180C133"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.19","matchCriteriaId":"C76C5F55-5243-4461-82F5-2FEBFF4D59FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.6","matchCriteriaId":"F5292E9E-6B50-409F-9219-7B0A04047AD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.4","matchCriteriaId":"B9D3DCAE-317D-4DFB-93F0-7A235A229619"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.5","matchCriteriaId":"1CAC7CBE-EC03-4089-938A-0CEEB2E09B62"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.6.1","matchCriteriaId":"68352537-5E99-4F4D-B78A-BCF0353A70A5"}]}]}],"references":[{"url":"https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://openssl-library.org/news/secadv/20260127.txt","source":"openssl-security@openssl.org","tags":["Vendor Advisory"]}]}}]}