]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1fd7ebe) | patch
kek_unwrap_key(): Fix incorrect check of unwrapped key size
authorViktor Dukhovni <openssl-users@dukhovni.org>
Thu, 11 Sep 2025 16:10:12 +0000 (18:10 +0200)
committerTomas Mraz <tomas@openssl.org>
Mon, 29 Sep 2025 09:58:34 +0000 (11:58 +0200)
commitcaa664ea5bb57b387fe59cee021fc745d473b6cf
tree501437cadeb9454a8a32309b7ae0f6c65e9363c7tree | snapshot
parent1fd7ebe7e420b6c754e84e76db913119b1d48a23commit | diff
kek_unwrap_key(): Fix incorrect check of unwrapped key size

Fixes CVE-2025-9230

The check is off by 8 bytes so it is possible to overread by
up to 8 bytes and overwrite up to 4 bytes.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 9c462be2cea54ebfc62953224220b56f8ba22a0c)
crypto/cms/cms_pwri.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git