CVE-2025-11187: NULL Pointer Dereference in OpenSSL

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.0% (top 99.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 27

Description

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification.

Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations. When verifying a PKCS#12 file that u

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Exploitability: 1.3 | Impact: 4.7

Affected Packages (5 packages)

Source | Package         | Affected versions
Debian | debian/openssl  | < openssl 3.5.5-1 (forky)
NVD    | openssl/openssl | 3.4.0 to 3.4.4 (+2)
Alpine | openssl/openssl | < 3.5.5-r0 (+1)
Debian | openssl/openssl | < 3.5.4-1~deb13u2 (+1)
Ubuntu | openssl/openssl | < 3.0.2-0ubuntu1.21 (+6)

Patches

Vulnerability Details (5)

OSV: CVE-2025-11187: Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL poin (2026-01-27)
OSV: openssl, openssl1.0 vulnerabilities (2026-01-27)
OSV: openssl vulnerabilities (2026-01-27)
GHSA: GHSA-hpc7-gcqm-58fv: Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL poin (2026-01-27)
OSV: CVE-2025-11187: Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL poin (2026-01-27)

Vendor Advisories (5)

Ubuntu: OpenSSL vulnerabilities (2026-01-27)
BSD: FreeBSD-SA-26:01.openssl: Multiple vulnerabilities in OpenSSL (2026-01-27)
Red Hat: openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (2026-01-27)
Ubuntu: OpenSSL vulnerabilities (2026-01-27)
Debian: CVE-2025-11187: openssl - Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which c... (2025)

Threat Intelligence (1)

Wiz: CVE-2025-11187 Impact, Exploitability, and Mitigation Steps | Wiz