OpenSSL PBMAC1 Parameter Validation Vulnerability in PKCS#12 Files Allowing Buffer Overflow and Denial-of-Service

Vulnerability

A vulnerability exists in OpenSSL versions 3.6, 3.5, and 3.4 due to improper validation of PBMAC1 parameters in PKCS#12 files. During MAC verification, the PBKDF2 salt and key length parameters are used without proper validation, which can lead to a stack-based buffer overflow or a NULL pointer dereference. The buffer overflow could potentially allow code execution, depending on platform mitigations. This issue requires an application to process a maliciously crafted PKCS#12 file, which is uncommon as these files typically contain trusted private keys.

Impact

The vulnerability can cause a stack-based buffer overflow or a NULL pointer dereference, leading to a crash and a denial-of-service condition for applications that parse untrusted PKCS#12 files. The buffer overflow could also enable code execution, depending on platform mitigations.

Reproduction

To reproduce this vulnerability, create a PKCS#12 file that uses PBMAC1 for the MAC, and craft the PBKDF2 salt and key length parameters to exploit the lack of validation. The key length should exceed 64 bytes to trigger the buffer overflow, while an improperly formatted salt can cause a NULL pointer dereference.

Remediation

Users of OpenSSL 3.6 should upgrade to OpenSSL 3.6.1, those on OpenSSL 3.5 should upgrade to OpenSSL 3.5.5, and OpenSSL 3.4 users should upgrade to OpenSSL 3.4.4.
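
The upgrade targets above can be applied to an inventory of `openssl version` outputs to find hosts that still need the fix. This is an added example, not code from this advisory or from the OpenSSL project; the host names and version strings in `SAMPLE_INVENTORY` are constructed, and treating a pre-release build of a fixed version as affected is a conservative assumption.

```python
import re
import ssl

# Fixed release per affected branch, taken from the Remediation section.
FIXED_PATCH = {(3, 6): 1, (3, 5): 5, (3, 4): 4}

# Matches the word "OpenSSL" only, so "LibreSSL 3.6.0" is not misread as OpenSSL 3.6.
VERSION_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)(-\w+)?")


def classify(version_string):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one version string."""
    m = VERSION_RE.search(version_string)
    if m is None:
        return "unparsed"        # other TLS library or truncated output
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "not-listed"      # branch not named in this advisory
    if patch == fixed and m.group(4):
        return "affected"        # assumption: e.g. 3.6.1-dev predates the 3.6.1 release
    return "fixed" if patch >= fixed else "affected"


def needs_upgrade(inventory):
    """Return the sorted host names whose reported version is classified 'affected'."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


# Constructed inventory: host -> output of `openssl version` (dates are placeholders).
SAMPLE_INVENTORY = {
    "build-01": "OpenSSL 3.5.4 1 Jan 2026 (Library: OpenSSL 3.5.4 1 Jan 2026)",
    "web-01": "OpenSSL 3.6.1 1 Jan 2026 (Library: OpenSSL 3.6.1 1 Jan 2026)",
    "web-02": "OpenSSL 3.4.3 1 Jan 2026 (Library: OpenSSL 3.4.3 1 Jan 2026)",
    "legacy-01": "OpenSSL 3.0.13 1 Jan 2026 (Library: OpenSSL 3.0.13 1 Jan 2026)",
    "bsd-01": "LibreSSL 3.6.0",
    "ci-01": "OpenSSL 3.6.1-dev",
}

if __name__ == "__main__":
    for host in sorted(SAMPLE_INVENTORY):
        print(f"{host:10} {classify(SAMPLE_INVENTORY[host])}")
    # The OpenSSL build this Python interpreter is linked against.
    print("interpreter:", ssl.OPENSSL_VERSION, "->", classify(ssl.OPENSSL_VERSION))
```

Distribution packages often backport fixes without changing the upstream version number, so an "affected" result for a vendor-packaged build should be confirmed against the vendor's own advisory.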

Added: Jan 27, 2026, 4:43 PM
Updated: Jan 27, 2026, 4:43 PM

Vulnerability Rating

Custom Algorithm
spread: 8.6
impact: 5.0
exploitability: 5.8
remediation: 7.7
relevance: 2.3
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.