OpenSSL NULL Pointer Dereference Vulnerability in PKCS#12 Parsing

Vulnerability

A vulnerability allowing NULL or invalid pointer dereference has been identified in OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1, excluding 1.0.2. This issue arises when an application processes a malformed PKCS#12 file, leading to a denial-of-service condition. The vulnerability is rooted in the PKCS#12 parsing code, where an ASN1_TYPE union member is accessed without proper type validation, creating a type confusion that can be exploited by manipulating pointer addresses. The exploitation requires the application to handle a maliciously crafted PKCS#12 file, which is uncommon as these files typically contain trusted private keys.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash and denial-of-service condition for the application processing the PKCS#12 file.

Reproduction

To reproduce this vulnerability, an application must be made to process a maliciously crafted PKCS#12 file. This can be done by using the OpenSSL command-line tool or by developing an application that uses the OpenSSL library to handle PKCS#12 files. The crafted file should be designed to exploit the lack of type validation in the PKCS#12 parsing code, such as by including an ASN1_TYPE union member that is not properly validated before being accessed.

Remediation

Users of OpenSSL 3.6 should upgrade to OpenSSL 3.6.1, those on OpenSSL 3.5 should upgrade to OpenSSL 3.5.5, and users of OpenSSL 3.4 should upgrade to OpenSSL 3.4.4.

Added: Jan 27, 2026, 4:26 PM
Updated: Jan 27, 2026, 4:26 PM

Vulnerability Rating

Custom Algorithm
spread
8.6
impact
2.5
exploitability
9.1
remediation
7.7
relevance
1.5
threat
4.8
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.