Bug 2396054 (CVE-2025-9230)

Summary: CVE-2025-9230 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: adudiak, anthomas, bkabrda, brasmith, bsmejkal, cochase, crizzo, csutherl, dbosanac, dranck, ehelms, ggainey, gotiwari, gtanzill, jachapma, jbuscemi, jcantril, jclere, jgrulich, jhorak, jmitchel, jreimann, juwatts, jvasik, jwendell, kaycoth, kshier, lball, mdessi, mhulan, mrizzi, mvyas, ngough, nicolas.koechling, nmoumoul, osousa, pcattana, pcreech, pjindal, plodge, progier, rblanco, rcernich, rchan, rojacob, sdawley, security-response-team, smallamp, spichugi, ssidhaye, stcannon, szappis, tbordaz, teagle, tmalecek, tpopela, vashirov, vchlup, veshanka, vmugicag, yguenane
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Text:
A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).
Bug Depends On: 2400658, 2400659, 2400660, 2400661, 2400662, 2400670, 2400672, 2400663, 2400664, 2400665, 2400666, 2400668, 2400674, 2400676, 2400678, 2400680, 2400682    
Deadline: 2025-09-30   

Description OSIDB Bzimport 2025-09-17 12:18:14 UTC
Issue summary: An application trying to decrypt CMS messages encrypted using
password based encryption can trigger an out-of-bounds read and write.

Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application. The out-of-bounds write can cause
a memory corruption which can have various consequences including
a Denial of Service or Execution of attacker-supplied code.

Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that the attacker would be able to
perform it is low. Besides, password based (PWRI) encryption support in CMS
messages is very rarely used. For that reason the issue was assessed as
Moderate severity according to our Security Policy.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.

OpenSSL 3.5, 3.4, 3.3, 3.2, 3.0 and 1.1.1 are vulnerable to this issue.

Comment 2 errata-xmlrpc 2025-11-12 22:22:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:21174 https://access.redhat.com/errata/RHSA-2025:21174

Comment 3 errata-xmlrpc 2025-11-13 11:05:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21248 https://access.redhat.com/errata/RHSA-2025:21248

Comment 4 errata-xmlrpc 2025-11-13 11:26:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:21255 https://access.redhat.com/errata/RHSA-2025:21255

Comment 5 errata-xmlrpc 2025-11-17 15:18:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:21562 https://access.redhat.com/errata/RHSA-2025:21562