OpenSSL NULL Pointer Dereference Vulnerability in CMS Key Agreement Recipient Info

A NULL pointer dereference vulnerability has been identified in OpenSSL's CMS (Cryptographic Message Syntax) processing, specifically within the KeyAgreeRecipientInfo field of a crafted CMS EnvelopedData message. This issue arises because the optional parameters field of the KeyEncryptionAlgorithmIdentifier is accessed without proper validation, leading to a crash when the field is absent. Applications and services that handle untrusted CMS data, such as those processing S/MIME or CMS-based protocols, are susceptible to this vulnerability. The problem is present in OpenSSL versions 3.6, 3.5, 3.4, 3.3, and 3.0, but the FIPS modules in these versions are not affected, as the issue lies outside the FIPS module boundary.

Impact

Exploiting this vulnerability can cause applications to crash, creating a denial-of-service condition. The crash occurs before any authentication or cryptographic operations, leaving no opportunity for recovery.

Reproduction

To reproduce this vulnerability, create a CMS EnvelopedData message that includes KeyAgreeRecipientInfo. Ensure that the KeyEncryptionAlgorithmIdentifier's optional parameters field is omitted. When this message is processed by an application or service that calls CMS_decrypt() on untrusted input, the NULL pointer dereference will occur, causing a crash.

Remediation

Users of OpenSSL 3.6 should upgrade to OpenSSL 3.6.2. Users of OpenSSL 3.5 should upgrade to OpenSSL 3.5.6. Users of OpenSSL 3.4 should upgrade to OpenSSL 3.4.5. Users of OpenSSL 3.3 should upgrade to OpenSSL 3.3.7. Users of OpenSSL 3.0 should upgrade to OpenSSL 3.0.20.