Petr Šimeček

#21934 of 53,633
10.8 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2026-4940
6.1
2025-01-01
Openssl · Openssl · CVE-2025-11187

**Name of the Vulnerable Software and Affected Versions**

OpenSSL versions 3.4.0 through 3.6.0

**Description**

The vulnerability relates to improper validation of PBMAC1 parameters within PKCS#12 files. Specifically, the PBKDF2 salt and keylength parameters are used without sufficient validation during MAC verification. If the `keylength` value exceeds the size of a fixed stack buffer (64 bytes), a stack-based buffer overflow can occur. Additionally, if the `salt` parameter is not an OCTET STRING type, it can lead to an invalid or NULL pointer dereference.

Exploitation requires processing a maliciously crafted PKCS#12 file. This can result in a denial of service (DoS) due to application crashes, and potentially enable code execution depending on platform mitigations. The FIPS modules in versions 3.6, 3.5, and 3.4 are not affected, as PKCS#12 processing falls outside the FIPS module boundary. The vulnerability is triggered when verifying a PKCS#12 file that uses PBMAC1 for the MAC. Attackers can deliver a malicious .p12/.pfx file to systems that import or validate PKCS#12 files from external sources.

**Recommendations**

- Upgrade to OpenSSL version 3.4.1, 3.5.1, or 3.6.1 or later.
- Restrict or disable PKCS#12 import/upload features where feasible.
- Add strict validation controls, including file size limits and content-type enforcement.
- Isolate PKCS#12 parsing into a sandboxed or helper process.
- Monitor for crashes or segmentation faults in certificate-handling components and OpenSSL error patterns related to PKCS#12 verification.
- Identify all services that parse .p12/.pfx files.

PT-2026-4946
4.7
2025-01-01
Openssl · Openssl 1.0.2 · CVE-2025-68160

**Name of the Vulnerable Software and Affected Versions**

- OpenSSL versions 1.0.2 through 3.6
- OpenSSL versions 1.1.1
- OpenSSL versions 3.0 through 3.6
- OpenSSL versions 3.3 through 3.6
- OpenSSL versions 3.4 through 3.6
- OpenSSL versions 3.5 through 3.6

**Description**

A heap-based out-of-bounds write can occur when writing large, newline-free data into a BIO chain utilizing the line-buffering filter, particularly when the subsequent BIO performs short writes. This memory corruption can lead to a denial of service. The line-buffering BIO filter (`BIO_f_linebuffer`) is not typically used in default TLS/SSL configurations. The issue is assessed as low severity due to the unlikely circumstances of attacker control and the filter's limited use with attacker-controlled data. The FIPS modules in versions 3.0, 3.3, 3.4, 3.5, and 3.6 are not affected as the BIO implementation is outside the FIPS module boundary.

**Recommendations**

- OpenSSL version 1.0.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
- OpenSSL version 1.1.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
- OpenSSL versions 3.0 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
- OpenSSL versions 3.3 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
- OpenSSL versions 3.4 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
- OpenSSL versions 3.5 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.