PKCS12 structures contain PKCS7 ContentInfo fields. These fields are optional and can be NULL even if the "type" is a valid value. OpenSSL was not properly accounting for this, so a NULL dereference can occur, causing a crash. The OpenSSL project announced a new release, which is assumed to contain this bug fix; that release will be published on Jan 30th. Reference: https://github.com/openssl/openssl/pull/23362
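To make the failure mode concrete, the added example below (not code from the report or from OpenSSL) walks the DER of a PKCS7 ContentInfo with a hand-rolled parser, treats the content field as OPTIONAL, and refuses an id-data ContentInfo that has a valid type but no content instead of dereferencing it. The sample DER blobs are constructed here; the OID for id-data is the standard 1.2.840.113549.1.7.1.

```python
"""Minimal DER walker for a PKCS7 ContentInfo whose content field is OPTIONAL."""
from typing import Optional, Tuple

ID_DATA = bytes.fromhex("2a864886f70d010701")  # OID 1.2.840.113549.1.7.1 (id-data)

def tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV; short-form length only (body < 128 bytes)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode the short-form TLV at pos; return (tag, body, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or unsupported length")
    tag, ln = buf[pos], buf[pos + 1]
    if pos + 2 + ln > len(buf):
        raise ValueError("truncated")
    return tag, buf[pos + 2:pos + 2 + ln], pos + 2 + ln

def parse_content_info(der: bytes) -> Tuple[bytes, Optional[bytes]]:
    """Return (contentType OID bytes, content bytes or None when absent)."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("ContentInfo must be a SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("contentType must be an OBJECT IDENTIFIER")
    if pos == len(body):
        return oid, None  # valid type, no content: the case that crashed OpenSSL
    tag, content, _ = read_tlv(body, pos)
    if tag != 0xA0:
        raise ValueError("content must be [0] EXPLICIT")
    return oid, content

def unpack_p7data(der: bytes) -> bytes:
    """Hardened unpack: reject absent content instead of dereferencing it."""
    oid, content = parse_content_info(der)
    if oid != ID_DATA:
        raise ValueError("contentType is not id-data")
    if content is None:
        raise ValueError("id-data ContentInfo carries no content")
    tag, octets, _ = read_tlv(content, 0)
    if tag != 0x04:
        raise ValueError("id-data content must be an OCTET STRING")
    return octets

# Constructed sample inputs (not taken from the report)
WITH_CONTENT = tlv(0x30, tlv(0x06, ID_DATA) + tlv(0xA0, tlv(0x04, b"hello")))
NO_CONTENT = tlv(0x30, tlv(0x06, ID_DATA))
```

The `None` returned by `parse_content_info` for `NO_CONTENT` is the analogue of the NULL `d.data` pointer the report describes; `unpack_p7data` turns it into a decode error rather than a crash.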
Created edk2 tracking bugs for this issue: Affects: fedora-all [bug 2259948]
Created openssl tracking bugs for this issue: Affects: fedora-all [bug 2259947]
Created openssl11 tracking bugs for this issue: Affects: epel-all [bug 2259946]
Created shim tracking bugs for this issue: Affects: fedora-all [bug 2259949]
Created openssl3 tracking bugs for this issue: Affects: epel-all [bug 2259950]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9, via RHSA-2024:2447 (https://access.redhat.com/errata/RHSA-2024:2447)