CVE-2025-11187

MED 6.1
Published: 2026-01-27
Last Modified: 2026-03-20
Affected Apps: 27
Affected Devices: 166
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification.

Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations.

When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference.

Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity.

The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue. OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.

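The two checks the summary describes as missing, shown as an added C example (not OpenSSL's code or its actual fix): the salt must be an OCTET STRING and keylength must fit the 64-byte derived-key buffer before any derivation runs. The struct, function names and error codes are hypothetical, and `toy_kdf` is a stand-in for PBKDF2, not a real KDF.

```c
#include <stddef.h>

#define KEY_BUF_SIZE 64          /* fixed derived-key buffer size from the advisory */
#define TAG_OCTET_STRING 4       /* ASN.1 universal tag number */

/* Hypothetical, simplified view of PBKDF2 parameters as parsed from a file. */
struct pbkdf2_params {
    int salt_tag;                /* ASN.1 type the salt was encoded as */
    const unsigned char *salt;
    size_t salt_len;
    long keylength;              /* untrusted value read from the file */
};

enum { PARAMS_OK = 0, ERR_SALT = -1, ERR_KEYLEN = -2 };
/* Reject bad parameters before they reach the key derivation. */
int check_params(const struct pbkdf2_params *p, size_t bufsize)
{
    if (p->salt_tag != TAG_OCTET_STRING || p->salt == NULL)
        return ERR_SALT;         /* wrong type would be dereferenced as a string */
    if (p->keylength <= 0 || (unsigned long)p->keylength > bufsize)
        return ERR_KEYLEN;       /* would write past the derived-key buffer */
    return PARAMS_OK;
}

/* Stand-in for PBKDF2 (NOT a real KDF): writes exactly outlen bytes. */
static void toy_kdf(const unsigned char *salt, size_t salt_len,
                    unsigned char *out, size_t outlen)
{
    for (size_t i = 0; i < outlen; i++)
        out[i] = (unsigned char)((salt_len ? salt[i % salt_len] : 0) ^ i);
}

/* Returns the number of key bytes derived, or a negative error code. */
int derive_mac_key(const struct pbkdf2_params *p)
{
    unsigned char key[KEY_BUF_SIZE];
    int rc = check_params(p, sizeof(key));
    if (rc != PARAMS_OK)
        return rc;               /* refuse instead of overflowing key[] */
    toy_kdf(p->salt, p->salt_len, key, (size_t)p->keylength);
    return (int)p->keylength;
}

int main(void)
{
    static const unsigned char salt[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    struct pbkdf2_params bad = { TAG_OCTET_STRING, salt, sizeof(salt), 4096 };
    return derive_mac_key(&bad) == ERR_KEYLEN ? 0 : 1;
}
```
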
Affected Devices 166
References 5