Chanho Kim

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 Description Processing a specially crafted CMS EnvelopedData message with KeyTransportRecipientInfo can lead to a NULL pointer dereference. This can cause applications that process attacker-controlled CMS data to crash before authentication or cryptographic operations, resulting in a Denial of Service. The issue occurs when examining the optional parameters field of RSA-OAEP SourceFunc algorithm identifier without verifying its presence, leading to a NULL pointer dereference if the field is missing. Applications and services using CMS decrypt() on untrusted input, such as S/MIME processing or CMS-based protocols, are affected. Recommendations Update to a version after 3.6. Update to a version after 3.5. Update to a version after 3.4. Update to a version after 3.3. Update to a version after 3.0.