Bug 2396054 (CVE-2025-9230) - CVE-2025-9230 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
Summary: CVE-2025-9230 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
Keywords:
Status: NEW
Alias: CVE-2025-9230
Deadline: 2025-09-30
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2400658 2400659 2400660 2400661 2400662 2400670 2400672 2400663 2400664 2400665 2400666 2400668 2400674 2400676 2400678 2400680 2400682
Blocks:
Reported: 2025-09-17 12:18 UTC by OSIDB Bzimport
Modified: 2025-11-20 08:38 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System                  ID               Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHBA-2025:21347  0        None      None    None     2025-11-13 15:24:47 UTC
Red Hat Product Errata  RHBA-2025:21465  0        None      None    None     2025-11-17 08:35:33 UTC
Red Hat Product Errata  RHBA-2025:21769  0        None      None    None     2025-11-19 15:51:02 UTC
Red Hat Product Errata  RHBA-2025:21822  0        None      None    None     2025-11-20 08:38:32 UTC
Red Hat Product Errata  RHSA-2025:21174  0        None      None    None     2025-11-12 22:22:35 UTC
Red Hat Product Errata  RHSA-2025:21248  0        None      None    None     2025-11-13 11:05:54 UTC
Red Hat Product Errata  RHSA-2025:21255  0        None      None    None     2025-11-13 11:26:39 UTC
Red Hat Product Errata  RHSA-2025:21562  0        None      None    None     2025-11-17 15:18:20 UTC

Description OSIDB Bzimport 2025-09-17 12:18:14 UTC
Issue summary: An application trying to decrypt CMS messages encrypted using
password based encryption can trigger an out-of-bounds read and write.

Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application. The out-of-bounds write can cause
a memory corruption which can have various consequences including
a Denial of Service or Execution of attacker-supplied code.

Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that the attacker would be able to
perform it is low. Besides, password based (PWRI) encryption support in CMS
messages is very rarely used. For that reason the issue was assessed as
Moderate severity according to our Security Policy.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.

OpenSSL 3.5, 3.4, 3.3, 3.2, 3.0 and 1.1.1 are vulnerable to this issue.

Comment 2 errata-xmlrpc 2025-11-12 22:22:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:21174 https://access.redhat.com/errata/RHSA-2025:21174

Comment 3 errata-xmlrpc 2025-11-13 11:05:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21248 https://access.redhat.com/errata/RHSA-2025:21248

Comment 4 errata-xmlrpc 2025-11-13 11:26:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:21255 https://access.redhat.com/errata/RHSA-2025:21255

Comment 5 errata-xmlrpc 2025-11-17 15:18:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:21562 https://access.redhat.com/errata/RHSA-2025:21562

