]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: abf150f) | patch
kek_unwrap_key(): Fix incorrect check of unwrapped key size
authorViktor Dukhovni <openssl-users@dukhovni.org>
Thu, 11 Sep 2025 16:10:12 +0000 (18:10 +0200)
committerTomas Mraz <tomas@openssl.org>
Mon, 29 Sep 2025 09:59:42 +0000 (11:59 +0200)
commitb5282d677551afda7d20e9c00e09561b547b2dfd
tree5b6affe1e80f85a8fd6abad9db3e73386f79ce74tree | snapshot
parentabf150f966e25872822da29e23ec0d13b0bc66e9commit | diff
kek_unwrap_key(): Fix incorrect check of unwrapped key size

Fixes CVE-2025-9230

The check is off by 8 bytes so it is possible to overread by
up to 8 bytes and overwrite up to 4 bytes.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 9c462be2cea54ebfc62953224220b56f8ba22a0c)
crypto/cms/cms_pwri.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git