Invalid Pointer Dereference in OpenSSL Parsing of Malformed PKCS#12 Files
CVE-2026-22795

5.5MEDIUM

Key Information:

Vendor

OpenSSL
Status
OpenSSL
Vendor
CVE Published:
27 January 2026

What is CVE-2026-22795?

An application processing a malformed PKCS#12 file can suffer from an invalid or NULL pointer dereference, leading to a Denial of Service. The issue arises when the ASN1_TYPE union is accessed without validating the type, triggering a read from an invalid memory address. This vulnerability is limited to a confined memory space, typically causing a crash due to attempts to manipulate unmapped addresses. While exploiting this requires processing untrusted PKCS#12 files—rare in practice—affected versions of OpenSSL could potentially face service interruptions unless patched.

Affected Version(s)

OpenSSL 3.6.0 < 3.6.1

OpenSSL 3.5.0 < 3.5.5

OpenSSL 3.4.0 < 3.4.4

References

https://openssl-library.org/news/secadv/20260127.txt
vendor-advisory
https://github.com/openssl/openssl/commit/ef2fb66ec571564...
patch
https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4...
patch

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Luigino Camastra (Aisle Research)
Bob Beck
.