MNBSD-2026-40: NULL pointer dereference in PKCS12_item_decrypt_d2i_ex()

Severity: Unknown

Affected Package: openssl

Summary: NULL pointer dereference in PKCS12_item_decrypt_d2i_ex()

Description

Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in PKCS12_item_decrypt_d2i_ex(), leading to a crash (Denial of Service). Severity: Low (OpenSSL).

Affected Versions

openssl

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2025-69421

Published: June 11, 2026
Last Modified: June 11, 2026