Red Hat: CVE-2025-11187: openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (Multiple Advisories)
| Severity | CVSS v2 vector | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:S/C:P/I:P/A:C) | Jan 27, 2026 | Jan 29, 2026 | Jan 30, 2026 |
Description
A flaw was found in OpenSSL's PKCS#12 handling. The PBKDF2 salt and key-length parameters carried inside a PKCS#12 file were not validated, so a maliciously crafted file can trigger a stack buffer overflow or a NULL pointer dereference in any application that loads it. Either outcome crashes the application (denial of service); the overflow case may additionally allow arbitrary code execution. The attacker needs an application to load the crafted file (the vector above scores the access as local), so the exposure is highest for services and tools that import key stores or client-certificate bundles supplied by other parties.
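As an added example (not OpenSSL's or Red Hat's code), the following Python script walks the DER structure of a PKCS#12 file, locates every PBKDF2-params structure (id-PBKDF2, OID 1.2.840.113549.1.5.12, whether it sits under PBES2 encryption or PBMAC1 integrity protection) and reports salt length, iteration count and keyLength. It flags values outside bounds chosen for this example (MAX_SALT_LEN, MAX_KEY_LEN); those bounds are assumptions, not the limits enforced by the fixed packages. The sample files are constructed inline and are not real key stores. The script is a pre-filter for untrusted .p12 input on hosts that cannot yet be updated, not a substitute for the patch.

```python
# Added example: DER pre-filter that reports PBKDF2 parameters inside a PKCS#12 file.
# Not OpenSSL or Red Hat code. The bounds are assumptions for this example only.

ID_PBKDF2 = "1.2.840.113549.1.5.12"               # id-PBKDF2 (RFC 8018)
OID_PBKDF2_DER = bytes.fromhex("2a864886f70d01050c")
MAX_SALT_LEN = 64     # assumption: real files use 8..32-byte salts
MAX_KEY_LEN = 64      # assumption: AES-256 needs 32 bytes


def _read_len(buf, i):
    """Decode a DER length at buf[i]; return (length, index_after_length)."""
    b = buf[i]
    if b < 0x80:
        return b, i + 1
    n = b & 0x7F
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def _tlvs(buf):
    """Split buf into (tag, content) elements; raise if it is not clean DER."""
    out, i = [], 0
    while i < len(buf):
        tag = buf[i]
        if tag & 0x1F == 0x1F:
            raise ValueError("multi-byte tags unsupported")
        length, j = _read_len(buf, i + 1)
        if j + length > len(buf):
            raise ValueError("element overruns buffer")
        out.append((tag, buf[j:j + length]))
        i = j + length
    return out


def _oid(content):
    """Decode OID content octets into dotted form."""
    parts, acc = [str(content[0] // 40), str(content[0] % 40)], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)


def _parse_pbkdf2_params(content):
    """PBKDF2-params ::= SEQUENCE { salt, iterationCount, keyLength OPTIONAL, prf }."""
    info = {"salt_len": None, "iterations": None, "key_len": None, "issues": []}
    elems = _tlvs(content)
    if not elems:
        info["issues"].append("empty PBKDF2-params")
        return info
    if elems[0][0] == 0x04:                        # salt as OCTET STRING (usual form)
        info["salt_len"] = len(elems[0][1])
    else:
        info["issues"].append("salt given as otherSource, not OCTET STRING")
    ints = [int.from_bytes(v, "big", signed=True) for t, v in elems[1:] if t == 0x02]
    if ints:
        info["iterations"] = ints[0]
    if len(ints) > 1:
        info["key_len"] = ints[1]
    sl, it, kl = info["salt_len"], info["iterations"], info["key_len"]
    if sl is not None and not 1 <= sl <= MAX_SALT_LEN:
        info["issues"].append(f"salt length {sl} outside 1..{MAX_SALT_LEN}")
    if it is not None and it <= 0:
        info["issues"].append(f"non-positive iteration count {it}")
    if kl is not None and not 1 <= kl <= MAX_KEY_LEN:
        info["issues"].append(f"keyLength {kl} outside 1..{MAX_KEY_LEN}")
    return info


def find_pbkdf2_params(buf, depth=0):
    """Collect every PBKDF2-params in buf, descending into constructed elements and
    into OCTET STRINGs that hold DER (PKCS#12 nests AuthenticatedSafe that way)."""
    found = []
    if depth > 32:
        return found
    try:
        elems = _tlvs(buf)
    except (ValueError, IndexError):
        return found                               # opaque bytes (salt, ciphertext)
    for idx, (tag, content) in enumerate(elems):
        if tag == 0x06 and content and _oid(content) == ID_PBKDF2:
            if idx + 1 < len(elems) and elems[idx + 1][0] == 0x30:
                try:
                    found.append(_parse_pbkdf2_params(elems[idx + 1][1]))
                except (ValueError, IndexError):
                    found.append({"salt_len": None, "iterations": None,
                                  "key_len": None, "issues": ["malformed PBKDF2-params"]})
        elif tag & 0x20 or tag == 0x04:            # SEQUENCE/SET/[n], or OCTET STRING
            found.extend(find_pbkdf2_params(content, depth + 1))
    return found


def scan_pkcs12(data):
    return find_pbkdf2_params(data)


def is_suspicious(data):
    """True if any PBKDF2-params in the file violates the assumed bounds."""
    return any(p["issues"] for p in scan_pkcs12(data))


# --- constructed sample input (not real key stores) -------------------------
def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _der_uint(v):
    return _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def _pbkdf2_alg_id(salt, iterations, key_len):
    params = _der(0x04, salt) + _der_uint(iterations) + _der_uint(key_len)
    return _der(0x30, _der(0x06, OID_PBKDF2_DER) + _der(0x30, params))


def _wrap_like_pfx(alg_id):
    """PFX-shaped shell: SEQUENCE { version 3, SEQUENCE { [0] OCTET STRING { DER } } }."""
    inner = _der(0x04, _der(0x30, alg_id))
    return _der(0x30, _der_uint(3) + _der(0x30, _der(0xA0, inner)))


SANE_P12 = _wrap_like_pfx(_pbkdf2_alg_id(bytes(range(8)), 2048, 32))
HUGE_KEYLEN_P12 = _wrap_like_pfx(_pbkdf2_alg_id(bytes(range(8)), 2048, 2 ** 31))
HUGE_SALT_P12 = _wrap_like_pfx(_pbkdf2_alg_id(b"A" * 4096, 2048, 32))

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else HUGE_KEYLEN_P12
    for p in scan_pkcs12(data):
        print(p)
    print("suspicious" if is_suspicious(data) else "within assumed bounds")
```

Run it as `python3 p12_pbkdf2_check.py untrusted.p12`; with no argument it scans the constructed oversized-keyLength sample. Because the walker descends into every OCTET STRING that happens to parse as DER, it can report a PBKDF2-params that OpenSSL would never interpret (a false positive); it never skips one that OpenSSL would, which is the right bias for a pre-filter. A file that is rejected here should be treated as hostile input, not repaired.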
Solutions
Apply the Red Hat update for each affected openssl package. The solution identifiers are:

- redhat-upgrade-openssl
- redhat-upgrade-openssl-debuginfo
- redhat-upgrade-openssl-debugsource
- redhat-upgrade-openssl-devel
- redhat-upgrade-openssl-libs
- redhat-upgrade-openssl-libs-debuginfo
- redhat-upgrade-openssl-perl