CVE-2025-69419
- Source
- https://cve.org/CVERecord?id=CVE-2025-69419
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69419.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-69419
- Downstream
- Related
- Published
- 2026-01-27T16:16:34.113Z
- Modified
- 2026-01-30T22:53:25.506484Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Issue summary: Calling PKCS12getfriendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.
Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.
The OPENSSLuni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmptoutf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.
The vulnerability is reachable via the public PKCS12getfriendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12parse() uses a different code path that avoids this issue, PKCS12get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.
OpenSSL 1.0.2 is not affected by this issue.
- References
-
- https://openssl-library.org/news/secadv/20260127.txt
- https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296
- https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb
- https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2
- https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015
- https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535
Affected packages
Git / github.com/openssl/openssl
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openssl/openssl
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixedFixed
Affected versions
3.*
3.0-POST-CLANG-FORMAT-WEBKIT
3.0-PRE-CLANG-FORMAT-WEBKIT
3.3-POST-CLANG-FORMAT-WEBKIT
3.3-PRE-CLANG-FORMAT-WEBKIT
3.4-POST-CLANG-FORMAT-WEBKIT
3.4-PRE-CLANG-FORMAT-WEBKIT
3.5-POST-CLANG-FORMAT-WEBKIT
3.5-PRE-CLANG-FORMAT-WEBKIT
3.6-POST-CLANG-FORMAT-WEBKIT
3.6-PRE-CLANG-FORMAT-WEBKIT
Other
BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
OpenSSL_1_1_0-pre6
OpenSSL_1_1_1
OpenSSL_1_1_1-pre1
OpenSSL_1_1_1-pre2
OpenSSL_1_1_1-pre3
OpenSSL_1_1_1-pre4
OpenSSL_1_1_1-pre5
OpenSSL_1_1_1-pre6
OpenSSL_1_1_1-pre7
OpenSSL_1_1_1-pre8
OpenSSL_1_1_1-pre9
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat
openssl-3.*
openssl-3.0.0
openssl-3.0.0-alpha1
openssl-3.0.0-alpha10
openssl-3.0.0-alpha11
openssl-3.0.0-alpha12
openssl-3.0.0-alpha13
openssl-3.0.0-alpha14
openssl-3.0.0-alpha15
openssl-3.0.0-alpha16
openssl-3.0.0-alpha17
openssl-3.0.0-alpha2
openssl-3.0.0-alpha3
openssl-3.0.0-alpha4
openssl-3.0.0-alpha5
openssl-3.0.0-alpha6
openssl-3.0.0-alpha7
openssl-3.0.0-alpha8
openssl-3.0.0-alpha9
openssl-3.0.0-beta1
openssl-3.0.0-beta2
openssl-3.0.1
openssl-3.0.10
openssl-3.0.11
openssl-3.0.12
openssl-3.0.13
openssl-3.0.14
openssl-3.0.15
openssl-3.0.16
openssl-3.0.17
openssl-3.0.18
openssl-3.0.2
openssl-3.0.3
openssl-3.0.4
openssl-3.0.5
openssl-3.0.6
openssl-3.0.7
openssl-3.0.8
openssl-3.0.9
openssl-3.2.0-alpha1
openssl-3.2.0-alpha2
openssl-3.3.0
openssl-3.3.0-alpha1
openssl-3.3.0-beta1
openssl-3.3.1
openssl-3.3.2
openssl-3.3.3
openssl-3.3.4
openssl-3.3.5
openssl-3.4.0
openssl-3.4.0-alpha1
openssl-3.4.0-beta1
openssl-3.4.1
openssl-3.4.2
openssl-3.4.3
openssl-3.5.0
openssl-3.5.0-alpha1
openssl-3.5.0-beta1
openssl-3.5.1
openssl-3.5.2
openssl-3.5.3
openssl-3.5.4
openssl-3.6.0
openssl-3.6.0-alpha1
openssl-3.6.0-beta1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69419.json"
vanir_signatures
[
{
"source": "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb",
"digest": {
"line_hashes": [
"156983863095094548535338968955595812811",
"153238992315641395177665058487653225478",
"172687070745160318315224274035905216378",
"27082460365194793330044320421038082754",
"4460307226245998230485764046985149278"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/asn1/a_strex.c"
},
"id": "CVE-2025-69419-00da600a"
},
{
"source": "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535",
"digest": {
"length": 1659.0,
"function_hash": "32008225284128195658040746214741547285"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/asn1/a_strex.c",
"function": "do_buf"
},
"id": "CVE-2025-69419-0148fae5"
},
{
"source": "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015",
"digest": {
"line_hashes": [
"156983863095094548535338968955595812811",
"153238992315641395177665058487653225478",
"172687070745160318315224274035905216378",
"27082460365194793330044320421038082754",
"4460307226245998230485764046985149278"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/asn1/a_strex.c"
},
"id": "CVE-2025-69419-0213822e"
},
{
"source": "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2",
"digest": {
"length": 1659.0,
"function_hash": "32008225284128195658040746214741547285"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/asn1/a_strex.c",
"function": "do_buf"
},
"id": "CVE-2025-69419-052d196a"
},
{
"source": "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb",
"digest": {
"length": 733.0,
"function_hash": "269274151202672217402838615120421249016"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/pkcs12/p12_utl.c",
"function": "OPENSSL_uni2utf8"
},
"id": "CVE-2025-69419-09d18a1d"
},
{
"source": "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535",
"digest": {
"line_hashes": [
"8197119098003686502323758297771920675",
"123570346674886058532594910452998387419",
"330848004861723585376374210954232885669",
"125253330896326929862487700185368321824"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/pkcs12/p12_utl.c"
},
"id": "CVE-2025-69419-0b816448"
},
{
"source": "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296",
"digest": {
"length": 1659.0,
"function_hash": "32008225284128195658040746214741547285"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/asn1/a_strex.c",
"function": "do_buf"
},
"id": "CVE-2025-69419-1a2ca58d"
},
{
"source": "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2",
"digest": {
"line_hashes": [
"8197119098003686502323758297771920675",
"123570346674886058532594910452998387419",
"330848004861723585376374210954232885669",
"125253330896326929862487700185368321824"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/pkcs12/p12_utl.c"
},
"id": "CVE-2025-69419-20d57666"
},
{
"source": "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535",
"digest": {
"line_hashes": [
"156983863095094548535338968955595812811",
"153238992315641395177665058487653225478",
"172687070745160318315224274035905216378",
"27082460365194793330044320421038082754",
"4460307226245998230485764046985149278"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/asn1/a_strex.c"
},
"id": "CVE-2025-69419-22e5ee54"
},
{
"source": "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296",
"digest": {
"line_hashes": [
"181089593633653152713225066183099693737",
"99982428748013804425025524034573602503",
"330848004861723585376374210954232885669",
"125253330896326929862487700185368321824"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/pkcs12/p12_utl.c"
},
"id": "CVE-2025-69419-234e393b"
},
{
"source": "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2",
"digest": {
"length": 733.0,
"function_hash": "269274151202672217402838615120421249016"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/pkcs12/p12_utl.c",
"function": "OPENSSL_uni2utf8"
},
"id": "CVE-2025-69419-3fc51a81"
},
{
"source": "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015",
"digest": {
"length": 733.0,
"function_hash": "269274151202672217402838615120421249016"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/pkcs12/p12_utl.c",
"function": "OPENSSL_uni2utf8"
},
"id": "CVE-2025-69419-45d0ac02"
},
{
"source": "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535",
"digest": {
"length": 733.0,
"function_hash": "269274151202672217402838615120421249016"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/pkcs12/p12_utl.c",
"function": "OPENSSL_uni2utf8"
},
"id": "CVE-2025-69419-4eb7055c"
},
{
"source": "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015",
"digest": {
"line_hashes": [
"8197119098003686502323758297771920675",
"123570346674886058532594910452998387419",
"330848004861723585376374210954232885669",
"125253330896326929862487700185368321824"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/pkcs12/p12_utl.c"
},
"id": "CVE-2025-69419-503971c1"
},
{
"source": "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296",
"digest": {
"length": 790.0,
"function_hash": "194066805760282325851600842112568984438"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/pkcs12/p12_utl.c",
"function": "OPENSSL_uni2utf8"
},
"id": "CVE-2025-69419-60009940"
},
{
"source": "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb",
"digest": {
"line_hashes": [
"8197119098003686502323758297771920675",
"123570346674886058532594910452998387419",
"330848004861723585376374210954232885669",
"125253330896326929862487700185368321824"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/pkcs12/p12_utl.c"
},
"id": "CVE-2025-69419-64282a80"
},
{
"source": "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb",
"digest": {
"length": 1659.0,
"function_hash": "32008225284128195658040746214741547285"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/asn1/a_strex.c",
"function": "do_buf"
},
"id": "CVE-2025-69419-6a40bc63"
},
{
"source": "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296",
"digest": {
"line_hashes": [
"156983863095094548535338968955595812811",
"153238992315641395177665058487653225478",
"172687070745160318315224274035905216378",
"27082460365194793330044320421038082754",
"4460307226245998230485764046985149278"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/asn1/a_strex.c"
},
"id": "CVE-2025-69419-b5120323"
},
{
"source": "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2",
"digest": {
"line_hashes": [
"156983863095094548535338968955595812811",
"153238992315641395177665058487653225478",
"172687070745160318315224274035905216378",
"27082460365194793330044320421038082754",
"4460307226245998230485764046985149278"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/asn1/a_strex.c"
},
"id": "CVE-2025-69419-e10f6cf8"
},
{
"source": "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015",
"digest": {
"length": 1659.0,
"function_hash": "32008225284128195658040746214741547285"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "crypto/asn1/a_strex.c",
"function": "do_buf"
},
"id": "CVE-2025-69419-e8965605"
}
]