{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69419", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "state": "PUBLISHED", "assignerShortName": "openssl", "dateReserved": "2026-01-06T12:44:09.945Z", "datePublished": "2026-01-27T16:01:24.822Z", "dateUpdated": "2026-01-29T15:09:39.154Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"lessThan": "3.6.1", "status": "affected", "version": "3.6.0", "versionType": "semver"}, {"lessThan": "3.5.5", "status": "affected", "version": "3.5.0", "versionType": "semver"}, {"lessThan": "3.4.4", "status": "affected", "version": "3.4.0", "versionType": "semver"}, {"lessThan": "3.3.6", "status": "affected", "version": "3.3.0", "versionType": "semver"}, {"lessThan": "3.0.19", "status": "affected", "version": "3.0.0", "versionType": "semver"}, {"lessThan": "1.1.1ze", "status": "affected", "version": "1.1.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Stanislav Fort (Aisle Research)"}, {"lang": "en", "type": "remediation developer", "value": "Norbert P\u00f3cs"}], "datePublic": "2026-01-27T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously<br>crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing<br>non-ASCII BMP code point can trigger a one byte write before the allocated<br>buffer.<br><br>Impact summary: The out-of-bounds write can cause a memory corruption<br>which can have various consequences including a Denial of Service.<br><br>The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12<br>BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,<br>the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16<br>source byte count as the destination buffer capacity to UTF8_putc(). For BMP<br>code points above U+07FF, UTF-8 requires three bytes, but the forwarded<br>capacity can be just two bytes. UTF8_putc() then returns -1, and this negative<br>value is added to the output length without validation, causing the<br>length to become negative. The subsequent trailing NUL byte is then written<br>at a negative offset, causing write outside of heap allocated buffer.<br><br>The vulnerability is reachable via the public PKCS12_get_friendlyname() API<br>when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a<br>different code path that avoids this issue, PKCS12_get_friendlyname() directly<br>invokes the vulnerable function. Exploitation requires an attacker to provide<br>a malicious PKCS#12 file to be parsed by the application and the attacker<br>can just trigger a one zero byte write before the allocated buffer.<br>For that reason the issue was assessed as Low severity according to our<br>Security Policy.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,<br>as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue."}], "value": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue."}], "metrics": [{"format": "other", "other": {"content": {"text": "Low"}, "type": "https://openssl-library.org/policies/general/security-policy/"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2026-01-27T16:01:24.822Z"}, "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory"], "url": "https://openssl-library.org/news/secadv/20260127.txt"}, {"name": "3.6.1 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb"}, {"name": "3.5.5 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535"}, {"name": "3.4.4 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015"}, {"name": "3.3.6 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2"}, {"name": "3.0.19 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296"}], "source": {"discovery": "UNKNOWN"}, "title": "Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-29T15:09:04.605559Z", "id": "CVE-2025-69419", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T15:09:39.154Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-69419", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-29T15:09:04.605559Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T15:09:33.088Z"}}], "cna": {"title": "Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Stanislav Fort (Aisle Research)"}, {"lang": "en", "type": "remediation developer", "value": "Norbert P\u00f3cs"}], "metrics": [{"other": {"type": "https://openssl-library.org/policies/general/security-policy/", "content": {"text": "Low"}}, "format": "other"}], "affected": [{"vendor": "OpenSSL", "product": "OpenSSL", "versions": [{"status": "affected", "version": "3.6.0", "lessThan": "3.6.1", "versionType": "semver"}, {"status": "affected", "version": "3.5.0", "lessThan": "3.5.5", "versionType": "semver"}, {"status": "affected", "version": "3.4.0", "lessThan": "3.4.4", "versionType": "semver"}, {"status": "affected", "version": "3.3.0", "lessThan": "3.3.6", "versionType": "semver"}, {"status": "affected", "version": "3.0.0", "lessThan": "3.0.19", "versionType": "semver"}, {"status": "affected", "version": "1.1.1", "lessThan": "1.1.1ze", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-01-27T14:00:00.000Z", "references": [{"url": "https://openssl-library.org/news/secadv/20260127.txt", "name": "OpenSSL Advisory", "tags": ["vendor-advisory"]}, {"url": "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "name": "3.6.1 git commit", "tags": ["patch"]}, {"url": "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "name": "3.5.5 git commit", "tags": ["patch"]}, {"url": "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "name": "3.4.4 git commit", "tags": ["patch"]}, {"url": "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "name": "3.3.6 git commit", "tags": ["patch"]}, {"url": "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "name": "3.0.19 git commit", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "supportingMedia": [{"type": "text/html", "value": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously<br>crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing<br>non-ASCII BMP code point can trigger a one byte write before the allocated<br>buffer.<br><br>Impact summary: The out-of-bounds write can cause a memory corruption<br>which can have various consequences including a Denial of Service.<br><br>The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12<br>BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,<br>the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16<br>source byte count as the destination buffer capacity to UTF8_putc(). For BMP<br>code points above U+07FF, UTF-8 requires three bytes, but the forwarded<br>capacity can be just two bytes. UTF8_putc() then returns -1, and this negative<br>value is added to the output length without validation, causing the<br>length to become negative. The subsequent trailing NUL byte is then written<br>at a negative offset, causing write outside of heap allocated buffer.<br><br>The vulnerability is reachable via the public PKCS12_get_friendlyname() API<br>when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a<br>different code path that avoids this issue, PKCS12_get_friendlyname() directly<br>invokes the vulnerable function. Exploitation requires an attacker to provide<br>a malicious PKCS#12 file to be parsed by the application and the attacker<br>can just trigger a one zero byte write before the allocated buffer.<br>For that reason the issue was assessed as Low severity according to our<br>Security Policy.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,<br>as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2026-01-27T16:01:24.822Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69419", "state": "PUBLISHED", "dateUpdated": "2026-01-29T15:09:39.154Z", "dateReserved": "2026-01-06T12:44:09.945Z", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "datePublished": "2026-01-27T16:01:24.822Z", "assignerShortName": "openssl"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "E000B986-6A31-468F-9EA3-B9D16DB16FB2", "versionEndExcluding": "1.1.1ze", "versionStartIncluding": "1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C76C5F55-5243-4461-82F5-2FEBFF4D59FA", "versionEndExcluding": "3.0.19", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5292E9E-6B50-409F-9219-7B0A04047AD8", "versionEndExcluding": "3.3.6", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9D3DCAE-317D-4DFB-93F0-7A235A229619", "versionEndExcluding": "3.4.4", "versionStartIncluding": "3.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CAC7CBE-EC03-4089-938A-0CEEB2E09B62", "versionEndExcluding": "3.5.5", "versionStartIncluding": "3.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "68352537-5E99-4F4D-B78A-BCF0353A70A5", "versionEndExcluding": "3.6.1", "versionStartIncluding": "3.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue."}], "id": "CVE-2025-69419", "lastModified": "2026-02-02T18:35:02.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-27T16:16:34.113", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://openssl-library.org/news/secadv/20260127.txt"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "id": "2430386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-131", "details": ["A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw."}, "name": "CVE-2025-69419", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "shim-unsigned-aarch64", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "shim-unsigned-x64", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mingw-openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "shim-unsigned-x64", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "compat-openssl11", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "shim-unsigned-aarch64", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "shim-unsigned-x64", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-01-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-69419\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-69419"], "statement": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL's PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.", "threat_severity": "Moderate"}