]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 033a348) | patch
kek_unwrap_key(): Fix incorrect check of unwrapped key size
authorViktor Dukhovni <openssl-users@dukhovni.org>
Thu, 11 Sep 2025 16:10:12 +0000 (18:10 +0200)
committerTomas Mraz <tomas@openssl.org>
Mon, 29 Sep 2025 09:58:46 +0000 (11:58 +0200)
commitbae259a211ada6315dc50900686daaaaaa55f482
tree3d2ad8091f24630a1a5f983de035f3919911e6b5tree | snapshot
parent033a3480ca317caa8284ace552a4d97e39d2173acommit | diff
kek_unwrap_key(): Fix incorrect check of unwrapped key size

Fixes CVE-2025-9230

The check is off by 8 bytes so it is possible to overread by
up to 8 bytes and overwrite up to 4 bytes.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 9c462be2cea54ebfc62953224220b56f8ba22a0c)
crypto/cms/cms_pwri.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git