Date: Tue, 30 Sep 2025 15:30:02 GMT From: Gordon Tetlow <gordon@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: c0dbaf2b5dbd - stable/13 - Fix issue from OpenSSL. Message-ID: <202509301530.58UFU2fr050592@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=c0dbaf2b5dbd16c113a6346ee748fd474fe192e5 commit c0dbaf2b5dbd16c113a6346ee748fd474fe192e5 Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2025-09-30 15:28:59 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2025-09-30 15:28:59 +0000 Fix issue from OpenSSL. Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) Obtained from: OpenSSL Approved by: so Security: FreeBSD-SA-25:08.openssl Security: CVE-2025-9230 --- crypto/openssl/crypto/cms/cms_pwri.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/openssl/crypto/cms/cms_pwri.c b/crypto/openssl/crypto/cms/cms_pwri.c index d7414883396c..9f98840244ea 100644 --- a/crypto/openssl/crypto/cms/cms_pwri.c +++ b/crypto/openssl/crypto/cms/cms_pwri.c @@ -215,7 +215,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, /* Check byte failure */ goto err; } - if (inlen < (size_t)(tmp[0] - 4)) { + if (inlen < 4 + (size_t)tmp[0]) { /* Invalid length value */ goto err; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202509301530.58UFU2fr050592>