CVE-2026-22795 — Improper Check for Unusual or Exceptional Conditions in Openssl

CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-843 — Type Confusion25 documents9 sources

Severity

5.5MEDIUMNVD

OSV6.1

EPSS

0.0%

top 94.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl

Timeline

PublishedJan 27

Description

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5openssl/openssl3.6.0 — 3.6.1+5

▶NVDopenssl/openssl1.1.1 — 1.1.1ze+5

▶Alpineopenssl/openssl< 3.0.19-r0+4

▶Debianopenssl/openssl< 1.1.1w-0+deb11u5+3

▶Ubuntuopenssl/openssl< 3.0.2-0ubuntu1.21+9

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2026-22795: Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file↗2026-01-27

▶

GHSA

GHSA-3vqq-45qg-2xf6: Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file↗2026-01-27

▶

OSV

openssl, openssl1.0 vulnerabilities↗2026-01-27

▶

OSV

CVE-2026-22795: Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file↗2026-01-27

▶

CVEList

Missing ASN1_TYPE validation in PKCS#12 parsing↗2026-01-27

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerabilities↗2026-01-27

▶

BSD

FreeBSD-SA-26:01.openssl: Multiple vulnerabilities in OpenSSL↗2026-01-27

▶

Red Hat

openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing↗2026-01-27

▶

Ubuntu

OpenSSL vulnerabilities↗2026-01-27

▶

Debian

CVE-2026-22795: openssl - Issue summary: An invalid or NULL pointer dereference can happen in an applicati...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2025-15469 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-2673 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-69421 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-22796 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-15468 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶