Severity: Unknown
Affected Package: openssl
Summary: out-of-bounds write in PKCS12_get_friendlyname() UTF-8 conversion
Calling PKCS12_get_friendlyname() on a maliciously crafted PKCS#12 file whose BMPString (UTF-16BE) friendly name contains a non-ASCII BMP code point can trigger a one-byte write before the start of the allocated buffer, causing memory corruption (denial of service). OpenSSL severity rating: Low.
No specific recommendations provided.
Aliases: CVE-2025-69419
Published: June 11, 2026
Last Modified: June 11, 2026