git.ipfire.org Git - thirdparty/openssl.git/commit
kek_unwrap_key(): Fix incorrect check of unwrapped key size
author: Viktor Dukhovni <openssl-users@dukhovni.org>
Thu, 11 Sep 2025 16:10:12 +0000 (18:10 +0200)
committer: Tomas Mraz <tomas@openssl.org>
Mon, 29 Sep 2025 09:59:51 +0000 (11:59 +0200)
commit: a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def
tree: 1a7abd1c1421b8666f1bb6dceed5ef56c05d3aeb
parent: 7e0fc054a08706d194d3355aba4a06003cadfb29
Fixes CVE-2025-9230

The check is off by 8 bytes so it is possible to overread by
up to 8 bytes and overwrite up to 4 bytes.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 9c462be2cea54ebfc62953224220b56f8ba22a0c)
crypto/cms/cms_pwri.c